Windows
Analysis Report
RJ-LLOH-DN1_1-20241219013626-16004075.PDF
Overview
General Information
Detection
Score: | 21 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7256 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\RJ-LLOH-DN1_1-20241219013626-16004075.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7436 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7632 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=1744,i,10303162133773050494,14992278128259906983,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- Acrobat.exe (PID: 7348 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" --type=renderer /prefetch:1 "C:\Users\user\Desktop\RJ-LLOH-DN1_1-20241219013626-16004075.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- WerFault.exe (PID: 7720 cmdline: C:\Windows\system32\WerFault.exe -u -p 7348 -s 1696 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- cleanup
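The tree above ends with WerFault.exe reporting on PID 7348, the Acrobat.exe child started with `--type=renderer`, which is the sandboxed process that actually parsed the sample (note that the process list further down shows it running without elevated or administrator privileges, unlike the broker). WerFault's `-p` argument names the faulting process. The following is an added example, not code from the report or from Joe Sandbox: it tokenises Windows command lines, reads the PID out of `-p`, and ties each crash back to the process and the document it had open. The process entries are transcribed from the tree above with the MD5 fields dropped; the list of document extensions is an assumption made for the example.

```python
"""Added example (not from the Joe Sandbox report): tie each WerFault.exe
instance to the process it reports on and flag crashes of a sandboxed
child that was rendering a user-supplied document."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Proc:
    name: str
    pid: int
    cmdline: str


# Transcribed from the process tree above (MD5 fields omitted).
PROCESSES = [
    Proc("Acrobat.exe", 7256,
         r'"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" '
         r'"C:\Users\user\Desktop\RJ-LLOH-DN1_1-20241219013626-16004075.PDF"'),
    Proc("AcroCEF.exe", 7436,
         r'"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" '
         r'--backgroundcolor=16777215'),
    Proc("Acrobat.exe", 7348,
         r'"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" --type=renderer /prefetch:1 '
         r'"C:\Users\user\Desktop\RJ-LLOH-DN1_1-20241219013626-16004075.PDF"'),
    Proc("WerFault.exe", 7720, r"C:\Windows\system32\WerFault.exe -u -p 7348 -s 1696"),
]

# Assumed for the example: extensions that mark an argument as a user document.
DOCUMENT_EXTENSIONS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf")

# One argument = a run of non-blank text and/or double-quoted spans, so
# --user-data-dir="C:\...\User Data" stays a single token.
_ARG = re.compile(r'(?:[^\s"]+|"[^"]*")+')


def split_windows_args(cmdline: str) -> list:
    """Tokenise a Windows command line, dropping the quote characters."""
    return [tok.replace('"', "") for tok in _ARG.findall(cmdline)]


def werfault_target(args: list) -> Optional[int]:
    """WerFault.exe names the faulting process with '-p <pid>'."""
    for i in range(len(args) - 1):
        if args[i] == "-p" and args[i + 1].isdigit():
            return int(args[i + 1])
    return None


def opened_document(args: list) -> Optional[str]:
    """First argument after the image path that looks like a user document."""
    for a in args[1:]:
        if a.lower().endswith(DOCUMENT_EXTENSIONS):
            return a
    return None


def correlate_crashes(procs: list) -> list:
    """For every WerFault.exe, report which process crashed, whether it was a
    Chromium-style '--type=renderer' child, and which document it had open."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        if p.name.lower() != "werfault.exe":
            continue
        target_pid = werfault_target(split_windows_args(p.cmdline))
        target = by_pid.get(target_pid)
        targs = split_windows_args(target.cmdline) if target else []
        findings.append({
            "werfault_pid": p.pid,
            "crashed_pid": target_pid,
            "crashed_name": target.name if target else None,
            "renderer": "--type=renderer" in targs,
            "document": opened_document(targs),
        })
    return findings


if __name__ == "__main__":
    for finding in correlate_crashes(PROCESSES):
        print(finding)
```

The same logic applies to Sysmon event ID 1 records: a WerFault.exe whose `-p` resolves to a sandboxed child that had attacker-supplied input open is worth a second look even when, as here, the document itself scores low, because the crash happened in the component that parsed the file.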
Source: | String found in binary or memory: | (19 entries; the matched strings are not preserved in this extraction) |
Source: | OLE indicator, VBA macros: |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Process created: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | (15 entries; details not preserved in this extraction) |
Source: | Window detected: |
Source: | Initial sample: | (3 entries; details not preserved in this extraction) |
Source: | Process information set: | (54 entries; details not preserved in this extraction) |
Malware Analysis System Evasion |
---|
Source: | Binary or memory string: | (6 entries; the matched strings are not preserved in this extraction) |
MITRE ATT&CK matrix for this analysis. A leading number marks a technique matched by at least one signature and gives the number of matching signatures; cells without a number are the matrix's unmatched placeholder techniques.

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | 2 Process Injection | 1 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 1 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
(7 URLs; addresses not preserved in this extraction) | 0% | Avira URL Cloud | safe | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
(8 domains; names not preserved in this extraction) | | false | | high |
(7 domains; names not preserved in this extraction) | | false | | unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1579945 |
Start date and time: | 2024-12-23 16:37:45 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 27s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | RJ-LLOH-DN1_1-20241219013626-16004075.PDF |
Detection: | SUS |
Classification: | sus21.evad.winPDF@15/27@0/0 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.218.208.137, 34.237.241.83, 18.213.11.84, 54.224.241.105, 50.16.47.176, 172.64.41.3, 162.159.61.3, 20.189.173.21, 23.218.208.109, 20.190.147.2, 4.175.87.197, 13.107.246.63
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, ssl-delivery.adobe.com.edgekey.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, umwatson.events.data.microsoft.com, geo2.adobe.com
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: RJ-LLOH-DN1_1-20241219013626-16004075.PDF
Time | Type | Description |
---|---|---|
10:39:11 | API Interceptor |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Acrobat.exe_ed3ebc145db33ad9157e6e17c9ac766fd81311_71e7ed2f_52d2c8e6-5f39-4ac8-95f5-139f216652ef\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.154294247064937 |
Encrypted: | false |
SSDEEP: | 192:EJblNqgC0lcHMsj/lwKgrlUdzuiFZZ24lO8+Iz:+blogJlcHMsjEazuiFZY4lO8+I |
MD5: | 3AB6DCD9EBED7E01FBCC0EBD1F224357 |
SHA1: | 1FE63BAE589499F07B025FAE094D664B07EEE763 |
SHA-256: | 583040A3B56FBDAB4D4DCA7759AD4CCD8E22FF565195B34FADDD32575F893977 |
SHA-512: | F55D7A2816F10F932A1EA1D9147BCECD526CBF87A3CECD8A0D0BFE71B72BB8C108B3872CA89430A497641756ED6D0DE61DFF5849092265E569C0FEB84FE08E45 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 310236 |
Entropy (8bit): | 1.629045001469473 |
Encrypted: | false |
SSDEEP: | 768:SYc/cHV2joasyGLNZqBKnl4/4BKl6RlLnXmQgudRZe:yo4AqBKnl4AB7lLnXmQgwRQ |
MD5: | AC67F0A112ECDBBA94E934D4162BD879 |
SHA1: | 2EF8649C35BF65FDC10F650343B4CBBEF23AA3A4 |
SHA-256: | F1C29D02D651DBC94CA8D916040773B7113978A0157CD76F651CBF603A082631 |
SHA-512: | 86177777FCD36FD891F1F44665E261801297BFA691CBE48ACF4366504C767831EDC702D27CF91A21F1E0670FA69C39FDC37C11619BC52F0875C296D20D366208 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7840 |
Entropy (8bit): | 3.7272876869876255 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJ5pxYoN+lLwprW89b3XJ85s85Cflx1fOdm:R6lXJ3xYWAq358S8sflx1fF |
MD5: | C09653B094E8E86B3688F9D58F572B22 |
SHA1: | 1FAF2D02C244B97F0F411F77D2E92F3075BA921B |
SHA-256: | B0908009B3C709B1521A6C0C229B83E7C8B1A3EEB08100BE66E682B772D957CF |
SHA-512: | F8BBAB6C995BFD1CF86B82D86B9B7A621846223A276C42574DC6E3EC16089A71CC9A4D5C3CC055CDFB9D0AFE202AE74F320612A77A859D7C8E6F7529C5747BBF |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4691 |
Entropy (8bit): | 4.45035624998495 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsHJg771I9vcWpW8VYfjsYm8M4J2CNmFJroyq85XHxU7DSxXyyDd:uIjfpI7wV7VEdJYro37OXyyDd |
MD5: | 31115AF8AE8943AB0EAC928D1C85E8B4 |
SHA1: | 4795ACF71164E0C15ED6C2BAE297F58F7A67CAE4 |
SHA-256: | EF8E57472F7C8441DC1E9BFA6D4CEAF742EE89A2B502F38EE7581632E19F3B20 |
SHA-512: | 77E6FC48A41576480FA116DA33212694F8E67AEAD8E72ED6F19AA5442A5A8450205708E59CF03C1A74B2999AF6188206DF1CA99B6B00B5A49F92E6F210B60676 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.192021591451183 |
Encrypted: | false |
SSDEEP: | 6:3UQRgVq2Pwkn2nKuAl9OmbnIFUt8YUQRygZmw+YUQRyIkwOwkn2nKuAl9OmbjLJ:k3vYfHAahFUt8hQ/+hY5JfHAaSJ |
MD5: | 63E3AF676A017CC7A85A26044366227B |
SHA1: | 6BC356E3FF630EC9EAB816B876D12D772AE657A6 |
SHA-256: | 7DDE9FA9C895CB20F9E034ED6396FE4082E1261560E8F15034267D21C2458574 |
SHA-512: | 7295DC37B2E68FC2335ED3FE8C1225CE677CB43F94D20606D78528E5A3CE9C59684E7340F40DD95F30140F7B83A3793C611A39CD819DA27C7C7FB9E16A7177D3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.192021591451183 |
Encrypted: | false |
SSDEEP: | 6:3UQRgVq2Pwkn2nKuAl9OmbnIFUt8YUQRygZmw+YUQRyIkwOwkn2nKuAl9OmbjLJ:k3vYfHAahFUt8hQ/+hY5JfHAaSJ |
MD5: | 63E3AF676A017CC7A85A26044366227B |
SHA1: | 6BC356E3FF630EC9EAB816B876D12D772AE657A6 |
SHA-256: | 7DDE9FA9C895CB20F9E034ED6396FE4082E1261560E8F15034267D21C2458574 |
SHA-512: | 7295DC37B2E68FC2335ED3FE8C1225CE677CB43F94D20606D78528E5A3CE9C59684E7340F40DD95F30140F7B83A3793C611A39CD819DA27C7C7FB9E16A7177D3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.156579962662395 |
Encrypted: | false |
SSDEEP: | 6:3UQ2yq2Pwkn2nKuAl9Ombzo2jMGIFUt8YUUEz1Zmw+YUUElRkwOwkn2nKuAl9OmT:kGvYfHAa8uFUt8hUu1/+hUA5JfHAa8RJ |
MD5: | 12C9392A103E4A7F154C693D815B5819 |
SHA1: | E26185C1A2B1FA39FBDEAC2F48FFE40CFB560302 |
SHA-256: | 12253E33A998F59DBE32B9068A09E247CE8897CFDB748CA7394BACBCC1ECCD5E |
SHA-512: | 7FBF6DE339040FBC371A683EDEA7B7356C3E9E6C2ED38A4C58A20F3C38C23FD65C0EC1A4B9C34E385EBC695F875CA2A79CB583FF5A26AFD0227DE6BEFE3E7BBE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.156579962662395 |
Encrypted: | false |
SSDEEP: | 6:3UQ2yq2Pwkn2nKuAl9Ombzo2jMGIFUt8YUUEz1Zmw+YUUElRkwOwkn2nKuAl9OmT:kGvYfHAa8uFUt8hUu1/+hUA5JfHAa8RJ |
MD5: | 12C9392A103E4A7F154C693D815B5819 |
SHA1: | E26185C1A2B1FA39FBDEAC2F48FFE40CFB560302 |
SHA-256: | 12253E33A998F59DBE32B9068A09E247CE8897CFDB748CA7394BACBCC1ECCD5E |
SHA-512: | 7FBF6DE339040FBC371A683EDEA7B7356C3E9E6C2ED38A4C58A20F3C38C23FD65C0EC1A4B9C34E385EBC695F875CA2A79CB583FF5A26AFD0227DE6BEFE3E7BBE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4a20a3ef-9fcc-466a-8dda-35e5e76284cc.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 443 |
Entropy (8bit): | 4.96924364562369 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqYksBd2caq3QYiubInP7E4TX:Y2sRdsrJdJ3QYhbG7n7 |
MD5: | E6BB34E20212D50DD76ED498BD139C21 |
SHA1: | A1A56D59DB41BD95205928331BD405EF69237F43 |
SHA-256: | 1632A10DD18745D2173F6A8483AA8A7F402C2BA8AEDD5D88809E8EC65560917D |
SHA-512: | 987C868C697C900AC6D69AF25F6F614C25CE241DAD545539F193CE988ED2392862FAD2C9C6B765CCCD92BD893C51467839759E9BC890DF4E5C740BF279B7042E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\87dd78cb-d131-4d1c-beec-48f68867fc66.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.967403857886107 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7 |
MD5: | B7761633048D74E3C02F61AD04E00147 |
SHA1: | 72A2D446DF757BAEA2C7A58C050925976E4C9372 |
SHA-256: | 1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67 |
SHA-512: | 397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.967403857886107 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7 |
MD5: | B7761633048D74E3C02F61AD04E00147 |
SHA1: | 72A2D446DF757BAEA2C7A58C050925976E4C9372 |
SHA-256: | 1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67 |
SHA-512: | 397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF610bfe.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.967403857886107 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7 |
MD5: | B7761633048D74E3C02F61AD04E00147 |
SHA1: | 72A2D446DF757BAEA2C7A58C050925976E4C9372 |
SHA-256: | 1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67 |
SHA-512: | 397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.255767915680094 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7snNFWKN8EZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goA |
MD5: | E3B98CFFC977BE2E09D51B25F2C27F79 |
SHA1: | 5250862F5433FF46BF14D62AA9D84F42E3355B51 |
SHA-256: | 218CEB0ECAB555041675952BBE6B7C662A6C476665C5FA5446CC4494C189991C |
SHA-512: | FCE9EDD16715F048655EDFC68B31759B4F8A64410842CAEE014847E7099378477D73F7F73B5C3AF9E10C603FF470950F219BFC849C0943BCE21649DC19CE44E1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.151097409062914 |
Encrypted: | false |
SSDEEP: | 6:3Uks9yq2Pwkn2nKuAl9OmbzNMxIFUt8YUfqVFz1Zmw+YU5GRkwOwkn2nKuAl9Omk:kkFvYfHAa8jFUt8hfQ1/+hM5JfHAa84J |
MD5: | AF2C04FFB08E98241A233E2150055783 |
SHA1: | 282C0769DF1400752C2293C4EA70DE30CFCC3C93 |
SHA-256: | DD5568F0C13B098F7AF2DC19832DB8651C442FACD8B61EEDD16027FB2D939057 |
SHA-512: | B67E34E1EB3050384EA5AEC10893AAB279431D37522E30483CB0E0213ED3CA4184591A105F5243B208B1E7EB34A54E6BC1A7E62F66A86D280BC7EDE4ADB58F95 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.151097409062914 |
Encrypted: | false |
SSDEEP: | 6:3Uks9yq2Pwkn2nKuAl9OmbzNMxIFUt8YUfqVFz1Zmw+YU5GRkwOwkn2nKuAl9Omk:kkFvYfHAa8jFUt8hfQ1/+hM5JfHAa84J |
MD5: | AF2C04FFB08E98241A233E2150055783 |
SHA1: | 282C0769DF1400752C2293C4EA70DE30CFCC3C93 |
SHA-256: | DD5568F0C13B098F7AF2DC19832DB8651C442FACD8B61EEDD16027FB2D939057 |
SHA-512: | B67E34E1EB3050384EA5AEC10893AAB279431D37522E30483CB0E0213ED3CA4184591A105F5243B208B1E7EB34A54E6BC1A7E62F66A86D280BC7EDE4ADB58F95 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2306 |
Entropy (8bit): | 5.065673237852454 |
Encrypted: | false |
SSDEEP: | 48:YTe4w2sL0/EY0bMSlMtCM5mMOpiMAW0MretMSMmkaMY:Arv/SYtt55V6AWLre6JmkhY |
MD5: | 27BF1ED3A451D66E0A45F3C32C769644 |
SHA1: | 90A6F7458493E6EF93C082EC22910F6DBEE88879 |
SHA-256: | 72E038E6C61F67D73077034E5F7E44D534651F7ACCA8576694EDE32833C7FAF3 |
SHA-512: | DB276226DD2C2A29D2A59AC4BF637229124EE0E84CCC96F247A76098AD318EE2C47B6066EFEEDC87AC9F99EF479C488FCF9DA9F2C75663B501E5B3184B11B12A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1869276125517305 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUuSvR9H9vxFGiDIAEkGVvpE:lNVmswUUUUUUUUu+FGSIto |
MD5: | 7DE2D7CBA53C9E0E9BEB6616B337E78D |
SHA1: | EF2E13B7443EFFB563805F9279BBA5FD8A25BEA5 |
SHA-256: | E8D6D954B5DE1748FAC6585FF51D685F6A2079BEBFE223BA05913EFB045E6DCE |
SHA-512: | 9BAD19864569E5E61FE18B17B93484EB0BFB1C0DC38EEE15EEA7AB9095B843297317D30570DD84AB8A1D65C29514C00A1630BC0929533498D558FA2475D5AD15 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6054823530789581 |
Encrypted: | false |
SSDEEP: | 48:7M8KUUUUUUUUUU8vR9H9vxFGiDIAEkGVvUqFl2GL7msa:7UUUUUUUUUUUMFGSItyKVmsa |
MD5: | E5828A8CEA826DF60F6379E8865E3BC2 |
SHA1: | 55F71DAAAEBAD93842BD64AB203A3865ECD2FDD7 |
SHA-256: | D82A1C7EA9F725A3F405DC6A0ABA1D04D4D4F9D3B9A8621B481C4EC903B95EF6 |
SHA-512: | 47B331C9C0DFB67396C85B6627A745D3FDC6E5815D926AEA8020FDBF2C4BD6C1ADFA7111902262DEC1A9E28C49BB792E1C88720A15599876C531371935F8B7DC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5274671434738973 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rOlAadNaNGe:Qw946cPbiOxDlbYnuRKDliv |
MD5: | 855EACC394EF60D04924BCDC90755488 |
SHA1: | 5EF0BBB234AF9343AA3876A32F8D1CC26183C118 |
SHA-256: | 80A90FB5C3319E923C96F4060BF7CF02C96F1BB015256E434081DFD41029ED89 |
SHA-512: | 9B57E758B5065DA2470D0F09FA928AECBB6660CB02FC89FCEFA2C08C453E2C57F47567DC430406BADE82BCEFE06E25B8069BF570A46DD4067A138446565BDD27 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-23 10-38-42-724.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.344779722009806 |
Encrypted: | false |
SSDEEP: | 384:BeDvvvavvvvvmvUInKnN7ntn1nFn7nYnK23NwNacgc6c/cncccnPEudxd5d7y9yQ:1/A |
MD5: | 8B7013CF51160BBF473E0CD41F70BE90 |
SHA1: | E2E6A420B6DE58C767E04300BC5BC1DC9EA0ECD7 |
SHA-256: | EA56034D0B7A7501B784B55086FEB7B070EDD164F223BCA2BE8F7B1FB95C9D79 |
SHA-512: | F6EFAEE022E2BAA1C2F2C476DC625095A5A7D7FF583EF92D3B9D2699DFAC735FA52FDAB417781EFD92F356F9D7C2606C3DA4345E2FD02A0694D065CA4610263B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.387370294127624 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rT:X |
MD5: | BBC23C5DBECE57AEE65A4B6D170B7B6A |
SHA1: | 6BD6701058181F148B98566799D5F5A66D3BAC4F |
SHA-256: | AA437112CC397B3B6940B30DC9A7C28EBFB2F9A3013B4BEA1B5EAD11CBF1820F |
SHA-512: | 5FCE26FA35662196AD3D78713F695F36A16340AB6A42BE7AE5E877EBFDF3077C6B9516CBC72EFF80E8A1E3A991D354741F3780B87F1B9D941B93C8E4BB7C81F7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.696131811982768 |
TrID: | |
File name: | RJ-LLOH-DN1_1-20241219013626-16004075.PDF |
File size: | 39'349 bytes |
MD5: | 9b0e379fc6ecb42a16b3cff68024da3f |
SHA1: | f77a692c3a62052a94361ef6c543faae1acd5a00 |
SHA256: | 9841d4b8993533887a5f67bd4a191d441ff3cd030011295d1ee752d24c0ef57a |
SHA512: | afe5aaad1147a8528962016c0d55a49d995d5f3050edd6e9af137d7d48607e77bc22141d19d8319d8c1e46916a0f541b0af92ef0cdeeb26e612e2bfea95cb374 |
SSDEEP: | 768:qsRtnSQeLG1pTAvqFzd9u7DZScfAd0g+fKfjAHSUuKrVxbtkR8SsbRMoYQKT4pD/:5jSQeG36qFhQHZq+g+fE+NK3kVKdOqvg |
TLSH: | A003BF94B80AECDDF55287F7EB26A2C3681CF30610D464D118FC4E4F1EA0F5A7ABA149 |
File Content Preview: | %PDF-1.3..%......1 0 obj..<</Title (DN1_1)/Producer (ComponentOne C1Report)/CreationDate (D:20241219133626-08'00')/ModDate (D:20241219133626-08'00')>>..endobj..2 0 obj..<</Length 5044/Filter /FlateDecode>>stream..x..RMK.@......,8.......E..Z. ...$UZ..}gSKS |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.3 |
Total Entropy: | 7.696132 |
Total Bytes: | 39349 |
Stream Entropy: | 7.785998 |
Stream Bytes: | 32316 |
Entropy outside Streams: | 5.241619 |
Bytes outside Streams: | 7033 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 40 |
endobj | 40 |
stream | 11 |
endstream | 11 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 3 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
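The statistics above are pdfid-style keyword counts plus an entropy split between stream payloads and the rest of the file. For this sample every active-content key (/JS, /JavaScript, /AA, /OpenAction, /Launch, /EmbeddedFile, /RichMedia, /JBIG2Decode) is zero and there is a single %%EOF with nothing after it, so the score of 21 is not driven by the document's own structure. The following added example, not code from the report or from Joe Sandbox, reproduces those measurements for a PDF held in memory. It also decodes #xx hex escapes inside name tokens, so an obfuscated /J#53 still counts as /JS, which a plain substring count would miss. The sample PDF embedded in the block is constructed for the example and carries an /OpenAction that points at a JavaScript action.

```python
"""Added example (not from the Joe Sandbox report): pdfid-style keyword
counts and stream/non-stream entropy for a PDF held in memory."""
import math
import re
from collections import Counter

# Keywords tabulated by the report: structural tokens, then name keys.
STRUCTURAL = ("obj", "endobj", "stream", "endstream", "xref", "trailer", "startxref")
NAMES = ("/Page", "/Encrypt", "/ObjStm", "/URI", "/JS", "/JavaScript", "/AA",
         "/OpenAction", "/AcroForm", "/JBIG2Decode", "/RichMedia", "/Launch",
         "/EmbeddedFile")
# Keys whose mere presence warrants a closer look at the file.
ACTIVE_CONTENT = {"/JS", "/JavaScript", "/AA", "/OpenAction", "/Launch",
                  "/EmbeddedFile", "/RichMedia", "/JBIG2Decode"}

_NAME_TOKEN = re.compile(rb"/[^\s/<>\[\]{}()%]+")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# 'stream' keyword, EOL, payload, EOL, 'endstream'; the lookbehind skips 'endstream'.
_STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes inside name tokens only, so /J#53 counts as /JS
    while binary stream payloads are left untouched."""
    def decode(m: re.Match) -> bytes:
        return _HEX_ESCAPE.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(0))
    return _NAME_TOKEN.sub(decode, data)


def count_keyword(data: bytes, keyword: str) -> int:
    """Whole-token count: 'obj' must not match 'endobj', '/Page' not '/Pages'."""
    kw = re.escape(keyword.encode())
    if keyword.startswith("/"):
        pat = kw + rb"(?![A-Za-z0-9_])"
    else:
        pat = rb"(?<![A-Za-z])" + kw + rb"(?![A-Za-z])"
    return len(re.findall(pat, data))


def triage(data: bytes) -> dict:
    """Return the statistics the report tabulates, plus a list of flagged keys."""
    header = data.split(b"\n", 1)[0].rstrip(b"\r").decode("latin-1")
    norm = normalize_names(data)
    counts = {k: count_keyword(norm, k) for k in STRUCTURAL + NAMES}

    # Partition the file into stream payloads and everything else.
    payloads, outside, last = [], [], 0
    for m in _STREAM.finditer(data):
        payloads.append(m.group(1))
        outside.append(data[last:m.start(1)])
        last = m.end(1)
    outside.append(data[last:])
    inside_bytes, outside_bytes = b"".join(payloads), b"".join(outside)

    eof_count = data.count(b"%%EOF")
    tail = data[data.rfind(b"%%EOF") + 5:] if eof_count else b""
    return {
        "header": header,
        "total_bytes": len(data),
        "total_entropy": shannon_entropy(data),
        "stream_bytes": len(inside_bytes),
        "stream_entropy": shannon_entropy(inside_bytes),
        "bytes_outside_streams": len(outside_bytes),
        "entropy_outside_streams": shannon_entropy(outside_bytes),
        "eof_count": eof_count,
        "bytes_after_eof": len(tail.strip(b"\r\n\t ")),
        "counts": counts,
        "flags": sorted(k for k in ACTIVE_CONTENT if counts[k]),
    }


# Constructed sample for the example: a minimal PDF whose /OpenAction runs a
# JavaScript action, with the /JS key hex-escaped as /J#53.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>
endobj
4 0 obj
<< /S /JavaScript /J#53 (app.alert\\(1\\)) >>
endobj
5 0 obj
<< /Length 5 >>
stream
hello
endstream
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PDF
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Counts are taken over the file as stored, so keys inside compressed object streams are invisible to this pass; when /ObjStm is non-zero (it is zero for this sample), inflate the streams before trusting the zeros for /JS or /OpenAction.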
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
31 | ed9d969a9a945564 | 4046225dc5b11e4c6025bd9f5f422bd6 | |
32 | 000202060c186040 | 71216537fce8a21652fd55f711019fb7 |
Target ID: | 0 |
Start time: | 10:38:39 |
Start date: | 23/12/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 10:38:40 |
Start date: | 23/12/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 10:38:40 |
Start date: | 23/12/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 10:38:44 |
Start date: | 23/12/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | |
Commandline: | |
Imagebase: | |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 10:38:47 |
Start date: | 23/12/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f44b0000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |