8ea0317c8b6921a3317f42e562baabe199894c35729ab58e0383ff96ccc97e50

Analysis

max time kernel
142s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1573a28489deecf3ab8d87ec11546657_JaffaCakes118.pdf
Size

102KB
MD5

1573a28489deecf3ab8d87ec11546657
SHA1

5fe1f35d68ed28b48095bf0e1ca29a869dd24c72
SHA256

8ea0317c8b6921a3317f42e562baabe199894c35729ab58e0383ff96ccc97e50
SHA512

6bb0e7a4e749fda18bd2f03d36384561819aa416cc4002453807d2c9b0899b941c7bba9e8813b1e3bfe1bb2a1cdc43f4e51fbddd97a1713171ac7a5aa1792c5c
SSDEEP

96:WEDsNyfV0aWJ5vFB+OuWwpDauRwpPQ5urYPWYuQX9MILR6CBqtZZPmPDx+:WysN0AuWcFRwNQoemQXiAM9NP4F+

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4124	AcroRd32.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4124 wrote to memory of 4068	4124	AcroRd32.exe	85
PID 4124 wrote to memory of 4068	4124	AcroRd32.exe	85
PID 4124 wrote to memory of 4068	4124	AcroRd32.exe	85
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 3240	4068	RdrCEF.exe	86
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87
PID 4068 wrote to memory of 1520	4068	RdrCEF.exe	87

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1573a28489deecf3ab8d87ec11546657_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4124
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4068
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8572B24D47502D546A11D2F5ECEBFA28 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3240
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5A6A942F88B8D822C87015FDF24B3C8C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5A6A942F88B8D822C87015FDF24B3C8C --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1520
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6C355C2664BAECFC37766A01321B7662 --mojo-platform-channel-handle=2292 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2200
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1D4E1112945E71B1CF32E02101300704 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1D4E1112945E71B1CF32E02101300704 --renderer-client-id=5 --mojo-platform-channel-handle=1936 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4564
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F7AF88EBD854FBDBD77EAABF8DF7A880 --mojo-platform-channel-handle=1880 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5004
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B05B52B98F1BAA1B846DC96E623A01BC --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B05B52B98F1BAA1B846DC96E623A01BC --renderer-client-id=7 --mojo-platform-channel-handle=2296 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4332
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E62E1EBEAAA851D4A88555CBFA6E809F --mojo-platform-channel-handle=3048 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
8121f04b2b0b681ca79bb7f3f5ddbc9b

SHA1
5329c1b2e3e158203f944db9973893c1dbf047ab

SHA256
10e24cd0008d256643d1acb144b9990ca7f385739b0e42c98ff3a10dfd522cc1

SHA512
e63bfabe4582709155f83acc81555a00885058ba35961e2ea745de98866c2aecabe5ff2f40e1a4b5a43d281496bb59c7eac4d80ea7d73a6b2b8c8d91d4a754af

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
f6806a71f3cfffb212ea830f27f036a6

SHA1
ccb28adffb017fe13288bd0105994d471308562a

SHA256
cb81ef9ce5e9a35803c40291fcfc49650bc1d692b9da7d3896aaedc4841a3eeb

SHA512
9c6423e25a5f48bd274bd5c2b7998bdbcba25ecb34ac96af60cc9f099352a6af84306a76c6e505f7945708d2e54fded8edf23136b240adc76d7f0ecc278f2f0f

Download Submit
memory/4124-40-0x000000000AD80000-0x000000000ADA1000-memory.dmp

Filesize
132KB

Download