Windows
Analysis Report
FA-EDI-2409-0280.pdf
Overview
General Information
Detection
Score: 25
Range: 0 - 100
Whitelisted: false
Confidence: 60%
Signatures
HTML page contains obfuscated javascript
Connects to several IPs in different countries
Detected hidden input values containing email addresses (often used in phishing pages)
Detected suspicious crossdomain redirect
Found iframes
HTML body contains low number of good links
HTML page contains hidden javascript code
IP address seen in connection with other malware
Invalid T&C link found
JA3 SSL client fingerprint seen in connection with other malware
No HTML title found
PDF has an OpenAction (likely to launch a dropper script)
Classification
- System is w10x64
- Acrobat.exe (PID: 424 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\FA-EDI-2409-0280.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7040 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 2996 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1740,i,4004120980904792418,12153791403947030670,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 8084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "http://www.tcpdf.org" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 7116 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2212,i,18367372152763981669,441212640499137429,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- cleanup
- No configs have been found
- No YARA matches
- No Sigma rule has matched
- No Suricata rule has matched
Phishing
- Source: HTTP Parser
- Source: HTTP Parser
- Source: HTTP Parser