Windows
Analysis Report
su11ra_2_7197.PDF
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 5548 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\su11ra_2_7197.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 3788 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 1240 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1536,i,12242700170008053216,9860424687919460678,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature hits by category (the per-hit detail values are not shown; the number is the count of rows in each category):
- Classification label: 1
- File created: 2
- Key opened: 1
- Process created: 14
- Window detected: 1
- Initial sample: 3
- Process information set: 8
MITRE ATT&CK techniques with at least one matching signature; the remaining cells of the matrix had no hits and are omitted. These are low-severity hits on the Acrobat/AcroCEF processes and left the score at 0.

Tactic | Technique | Matching signatures |
---|---|---|
Privilege Escalation | Process Injection | 1 |
Defense Evasion | Masquerading | 1 |
Defense Evasion | Process Injection | 1 |
Discovery | System Information Discovery | 1 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528868 |
Start date and time: | 2024-10-08 10:59:36 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | su11ra_2_7197.PDF |
Detection: | CLEAN |
Classification: | clean0.winPDF@14/25@0/0 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 107.22.247.231, 54.144.73.197, 34.193.227.236, 18.207.85.246, 172.64.41.3, 162.159.61.3, 95.101.148.135, 2.19.126.143, 2.19.126.149
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
Input | Output |
---|---|
PDF document (Model: jbxai) | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.189636457193024 |
Encrypted: | false |
SSDEEP: | 6:cGRZ+q2P92nKuAl9OmbnIFUt8LG31Zmw+LG3ZVkwO92nKuAl9OmbjLJ:cGRUv4HAahFUt8LGF/+LGX5LHAaSJ |
MD5: | 9ECC4FEB7873F2567E4D7EAFB22DAA3B |
SHA1: | 9E1B49345051119768B35151F3292465225101C0 |
SHA-256: | F483820C824227078039CA00E341841A3A5409F8FD7D41D20CB7F3660DA3EF1E |
SHA-512: | FCBA861F38C99480C6C84BCECDFA4A98AC06FC3EAC254C77872CAA3E6343DBFCAA20F127BD50D67DF894B8E0E075B9C91E8CE85B15E5675C54E8C206378412E3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.189636457193024 |
Encrypted: | false |
SSDEEP: | 6:cGRZ+q2P92nKuAl9OmbnIFUt8LG31Zmw+LG3ZVkwO92nKuAl9OmbjLJ:cGRUv4HAahFUt8LGF/+LGX5LHAaSJ |
MD5: | 9ECC4FEB7873F2567E4D7EAFB22DAA3B |
SHA1: | 9E1B49345051119768B35151F3292465225101C0 |
SHA-256: | F483820C824227078039CA00E341841A3A5409F8FD7D41D20CB7F3660DA3EF1E |
SHA-512: | FCBA861F38C99480C6C84BCECDFA4A98AC06FC3EAC254C77872CAA3E6343DBFCAA20F127BD50D67DF894B8E0E075B9C91E8CE85B15E5675C54E8C206378412E3 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.141120831111604 |
Encrypted: | false |
SSDEEP: | 6:cGAa4q2P92nKuAl9Ombzo2jMGIFUt8LGvJZmw+LGpDkwO92nKuAl9Ombzo2jMmLJ:cGAa4v4HAa8uFUt8LGvJ/+LGpD5LHAaU |
MD5: | A9B2E57930E944A2B1D6A5B7566941A6 |
SHA1: | 72F22EEB80E16413AF5708E6E570205D87ED7E87 |
SHA-256: | 8CBDA572FF4A706978FC082B15F7BE2C5DDEDEF57F8C2A91C2DBE5CAB89F1564 |
SHA-512: | E17FA481D7550095FF2B8D6444866005E58867C08C5AF0A9E1820FA833B61241E8448D59A7F9CA1A19E908D1B57FCB78F7AEAB884D264BF80D8FBEF35A0A8E75 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.141120831111604 |
Encrypted: | false |
SSDEEP: | 6:cGAa4q2P92nKuAl9Ombzo2jMGIFUt8LGvJZmw+LGpDkwO92nKuAl9Ombzo2jMmLJ:cGAa4v4HAa8uFUt8LGvJ/+LGpD5LHAaU |
MD5: | A9B2E57930E944A2B1D6A5B7566941A6 |
SHA1: | 72F22EEB80E16413AF5708E6E570205D87ED7E87 |
SHA-256: | 8CBDA572FF4A706978FC082B15F7BE2C5DDEDEF57F8C2A91C2DBE5CAB89F1564 |
SHA-512: | E17FA481D7550095FF2B8D6444866005E58867C08C5AF0A9E1820FA833B61241E8448D59A7F9CA1A19E908D1B57FCB78F7AEAB884D264BF80D8FBEF35A0A8E75 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.000414071995525 |
Encrypted: | false |
SSDEEP: | 6:YHpoueHOJ3/QBRXH2a9a1o3/QBR7Y53h6ubQ+a4MS7PMVKJTnMRK3B1KF+:YH/um3a2caq3QYiubxnP7E4T3OF+ |
MD5: | 094E8186E78F46D22F313430DAD475E0 |
SHA1: | 57B88C51F5BA01F780FD5F95B7969E461A32A75E |
SHA-256: | EA2B66BF2AEB3CA9245E81717D5D4F4E645DAB5F59124D1A1303E31434201E1A |
SHA-512: | 41B024FC6C4912E698197BB85873C86364E566193D7419AEFA16DBB54041BB304BA09204A60AFB1F76A3A41C6EE72CD7D0631CE334F22B9FABD1E7C3F00FF1AC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bf60501d-c7b9-415f-802a-a5ba62a4e903.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 358 |
Entropy (8bit): | 5.000414071995525 |
Encrypted: | false |
SSDEEP: | 6:YHpoueHOJ3/QBRXH2a9a1o3/QBR7Y53h6ubQ+a4MS7PMVKJTnMRK3B1KF+:YH/um3a2caq3QYiubxnP7E4T3OF+ |
MD5: | 094E8186E78F46D22F313430DAD475E0 |
SHA1: | 57B88C51F5BA01F780FD5F95B7969E461A32A75E |
SHA-256: | EA2B66BF2AEB3CA9245E81717D5D4F4E645DAB5F59124D1A1303E31434201E1A |
SHA-512: | 41B024FC6C4912E698197BB85873C86364E566193D7419AEFA16DBB54041BB304BA09204A60AFB1F76A3A41C6EE72CD7D0631CE334F22B9FABD1E7C3F00FF1AC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.232858389258824 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUQuHYZhOZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLa |
MD5: | E5228906CF566D6A7A3FF9EEFA14D47B |
SHA1: | 059AB58A82980A18A0552F2A04B18C67F652C791 |
SHA-256: | 019391B8DA9BB8C693514B2637893409765116E2FAD72D9EF362482F42AACFD1 |
SHA-512: | BB5D27018A9CDC382BB94688F9777C5E27B40AAC89E283910CDC2F59A90A72A1166F8B35572685CA9EA1574DE24FDC1517BBF34DC66C00570D99265AD384C90A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.149150011268729 |
Encrypted: | false |
SSDEEP: | 6:crbEN4q2P92nKuAl9OmbzNMxIFUt8LrRNUJZmw+LrR/KzDkwO92nKuAl9OmbzNMT:crbW4v4HAa8jFUt8LrRNUJ/+LrR/aD5z |
MD5: | 672EC37A2AA9AADD33FCB4E040A2189D |
SHA1: | E97398BF4E9BEA1077AA08D41DBD4AEBC3FDA311 |
SHA-256: | 030BB0D6676E47AF5C0932DD87EF6A413B97CCB74B975E06875114F4138A7F28 |
SHA-512: | 623CBEBAFBA4EF04AEF0D34C933A75823164FCBB9AE0869E5258B1FE3B291781BC1034EA0654646780F4C6AEA3294A66556F5FB9E19DE76FEC335FC96790863D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.149150011268729 |
Encrypted: | false |
SSDEEP: | 6:crbEN4q2P92nKuAl9OmbzNMxIFUt8LrRNUJZmw+LrR/KzDkwO92nKuAl9OmbzNMT:crbW4v4HAa8jFUt8LrRNUJ/+LrR/aD5z |
MD5: | 672EC37A2AA9AADD33FCB4E040A2189D |
SHA1: | E97398BF4E9BEA1077AA08D41DBD4AEBC3FDA311 |
SHA-256: | 030BB0D6676E47AF5C0932DD87EF6A413B97CCB74B975E06875114F4138A7F28 |
SHA-512: | 623CBEBAFBA4EF04AEF0D34C933A75823164FCBB9AE0869E5258B1FE3B291781BC1034EA0654646780F4C6AEA3294A66556F5FB9E19DE76FEC335FC96790863D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241008090036Z-165.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 0.80454668930005 |
Encrypted: | false |
SSDEEP: | 96:KQVMMUNoMMfMMMMMMIAWHMMgk0r9H9Ola1jnZdvmMBHF:+Xwldp |
MD5: | F5989E0B9772BF953EAB0E529B44D2F8 |
SHA1: | AE50266E825B63CBE45823D31CD227BFA365A4C4 |
SHA-256: | 198B8B1D61ACCD5192B4A999FE203721C4E3BE8D62A8897A96148B0A882C9280 |
SHA-512: | 25FEE8F1E515D6166276AAADE5BAE77F557ADDD75CC09BA3BB31445EB80C4B810462D74B499519C379EB4D00487605D7ED720D705E2B8875884554814AB92042 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 231040 |
Entropy (8bit): | 3.370631145103289 |
Encrypted: | false |
SSDEEP: | 1536:tKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgFjrRoL+sn:MPCaJ/3AYvYwgZFoL+sn |
MD5: | D75DE9F85ADFCB9420E4A4D985041A53 |
SHA1: | 57B52E5B05F1652B08446FE126C054B81C6E8F57 |
SHA-256: | C45E4367C8D48BF4E5E5C50D2C4EA42D802ACFC997652CFDA4C130C25A236471 |
SHA-512: | 6E038711A8C2A0E2E551340BAA23E9A6BF4C7D7C2578A52DDB744B142C9FFB76D7CF6F24DFE70DB9A011992AE323772FC5F69139C869B5347E2A30B65C0B586E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2145 |
Entropy (8bit): | 5.069920113946297 |
Encrypted: | false |
SSDEEP: | 24:YFua3QJGm27XHZ2LSCt7aZna0TNpnayGZmmuBJvbZW4xCZqu20Z+nZO8ZMCCDxiW:YlAwmWXZYEtoitbRCwu20wD+JliWxao |
MD5: | DAB03E4A3222C5EFBAB4E7DF79BDC8AB |
SHA1: | D380D3FA0DE97E8417BE38AA9A837D3E5C976FFC |
SHA-256: | 8AAD032E156638A2BD77EDB173AB213E7F6DA02E3C2327ACBB44D8ABD9397B1F |
SHA-512: | 33B62C4DE0B9D661F714B305BA18836C30549B7FC469E768A9450C861BDC097BF239D936AB600B2EC59F009F2B1C497C5E2C418F82ABED409C6E5A3BB1720A69 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9849789977497846 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpFNy4zJwtNBwtNbRZ6bRZ4aNyF:TVl2GL7ms6ggOVp1zutYtp6Ps |
MD5: | F6DCDFF8D01057B3518BAD84F724F756 |
SHA1: | 967EE8B289E33EE504AB81507ED3176A0C6A7854 |
SHA-256: | A761B1EED6DD79D42806EC02CEEDA559BEF4F47A02329CDA7E9D1ED3E01315FD |
SHA-512: | 8E07702F6255AF3F463F3DD6588C224837CAABD99D28AA193A385DDBF0949B76F5ECCF10AB03217B5F2F91145BFC5204D8F74902EB08775BC684D496A2B91E1E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3390614715090752 |
Encrypted: | false |
SSDEEP: | 24:7+tSAD1RZKHs/Ds/SpFNyPzJwtNBwtNbRZ6bRZWf1RZKgqLBx/XYKQvGJF7ursM:7MSGgOVpOzutYtp6PMFqll2GL7msM |
MD5: | B2446E06366577D259DC25ED8E86A15E |
SHA1: | 647C6B72DAF887A946B2319E9EAE9B1CBEE760C7 |
SHA-256: | 0EF59BB04A19B1DAED736B7B5412E4CB2ABF7C122161756105438D290518C9E8 |
SHA-512: | EA00E442249DC14936894BA20370DAC6A93716122279691482B30467152816244933A1D18ADE37A00465ACED62F2E7EC5F98671D5847D7E1651C8ED2D8DF967B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.529865885204722 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8ejWfPVKw:Qw946cPbiOxDlbYnuRK6NKw |
MD5: | 2D0FC7E1EBADF1336B950A0B058A0DC6 |
SHA1: | AEFE2E4A44D62E9B6988348173B93583F4C9F84A |
SHA-256: | C2734751F13E26F0CB834ADA5FB3411C27C53CED309F997F6185BBF41DE3C98B |
SHA-512: | 75E30266953743A119F8B7A192C0F5C96741D4E7BC7574A61E1F351E0F6B1F50860163E0CCF13393E396A139951F0D077384B3E45ACB3225F3793225C34D273B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-08 05-00-34-504.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.349295592536036 |
Encrypted: | false |
SSDEEP: | 384:HBlE9R4GsBaytugO3qYb9gjOeN6e7QgjE7lhP3HGVWm8Zmnm0JQ+090IxrxNxLxT:sRbFXNx |
MD5: | 7FE663137C970957EAC900621FD4E540 |
SHA1: | 51522BB1B9C0C4ABFEF83DE7830354EEC5903B52 |
SHA-256: | 3DDA9DD21D70A9F6B2E2C5942D6F4C5930C0D60C41B18D108A2DD8783AED51A9 |
SHA-512: | B379E23C6B520758F0AD2F15A27B7FEA845C744F092D2181D568948D022079B0ADFE2DEC28DDA9F45F177D7585F3436464259A6F6B8DB9346CA041D215418976 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.389586439899569 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbQ:0 |
MD5: | 46906577EDB206E2B97CAE05F6D88553 |
SHA1: | 84F83221167913ADCDF735F43E37F6EC10992555 |
SHA-256: | E88F8DC7305CA70298159A148809DF8864A71225C1EF723FD7913EF6B9888632 |
SHA-512: | 97C731742E80F67293DB160E40984118D9302A5A079C4BD7B17C3FB5935A5E3079A696D249CA01DF4F0DC2717D86BFB361DA84F8B7CB8153DA1B86455854A729 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLcGZtwYIGNPgPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLcGZtwZGo3mlind9i4ufFXpAXkru |
MD5: | 3C671FDF7C9B2C94F91645F11DC9ECD0 |
SHA1: | 56CD18C4AB744302BF5147F3B21EEACAB18ABA1C |
SHA-256: | 16BA6A372F18C7A16158832163EA7053DA3E8F177476C024DA42E2995BCC13BF |
SHA-512: | 75D8B31E7CA411F55ABCF6DDD027D710AE56CC2DA7C96DC6380E9018E8942F4702C00CED41907712180056A86F2FB40DF32B3260CEAC7C0D6B4F599835B8D700 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.7206768903254845 |
TrID: | |
File name: | su11ra_2_7197.PDF |
File size: | 13'291 bytes |
MD5: | f418c65a16006215441d914ced24ebc7 |
SHA1: | 79fff4093937c404b1f09e4f9f843924b4118d66 |
SHA256: | 87b1e9ad626280722625a0aaaacf18c2514f663fabe961fb953e30ec945141f2 |
SHA512: | ad6fa30727cd2ceea6e576c12a8db27b7f299687d14870b06a6798b5bf5c025079708792295e8e32e81a4621d475c809970489019af77b8e4d26deb50fd745dc |
SSDEEP: | 384:hDMl+lrsYAKLilJK3r9LDgZxpN2Lz/795vnEn5NeLK:hQSgYkWZQHpN23TE5Nv |
TLSH: | 64522C1AE90AD6D1E85E47E97F126CA21E4CB309D1C9AECA21BB0E435550FA7FC0F54C |
File Content Preview: | %PDF-1.3..%....1275..1 0 obj..<<../Type /Catalog../Pages 4 0 R../Outlines 2 0 R../PageMode /UseOutlines..>>..endobj..2 0 obj..<</Type /Outlines../Count 1 /First 12 0 R /Last 12 0 R>>..endobj..3 0 obj..[/PDF /Text /ImageC]..endobj..4 0 obj..<<../Type /Page |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.3 |
Total Entropy: | 7.720677 |
Total Bytes: | 13291 |
Stream Entropy: | 7.864401 |
Stream Bytes: | 10647 |
Entropy outside Streams: | 5.010939 |
Bytes outside Streams: | 2644 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 12 |
endobj | 12 |
stream | 2 |
endstream | 2 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
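The numbers in the two static tables above, and the Entropy column in the dropped-file list, can be reproduced with a short script. The one below is an added example, not Joe Sandbox's code: it computes 8-bit Shannon entropy for the whole file, for the bytes inside stream...endstream bodies and for the bytes outside them, whole-word counts of the same keyword list (so obj does not match inside endobj and /Page does not match /Pages), and the EOF accounting. It adds one check a naive grep misses: PDF names may be written with #xx escapes (/J#53 is /JS), so names are unescaped before counting. The minimal PDFs it builds are constructed inputs, not the analysed file; their 1024-byte stream of every byte value stands in for compressed image data.

```python
"""PDF static triage in the spirit of the report's "General" and keyword tables.

Added example, not Joe Sandbox code. The sample PDFs built by build_pdf() are
constructed here and are not the analysed su11ra_2_7197.PDF.
"""
import math
import re
from collections import Counter

# The keyword list from the report's table, in the same order.
KEYWORDS = [b"obj", b"endobj", b"stream", b"endstream", b"xref", b"trailer",
            b"startxref", b"/Page", b"/Encrypt", b"/ObjStm", b"/URI", b"/JS",
            b"/JavaScript", b"/AA", b"/OpenAction", b"/AcroForm", b"/JBIG2Decode",
            b"/RichMedia", b"/Launch", b"/EmbeddedFile"]
# Keywords whose presence alone earns an attachment a closer look.
RISKY = [b"/JS", b"/JavaScript", b"/AA", b"/OpenAction", b"/Launch",
         b"/EmbeddedFile", b"/RichMedia", b"/JBIG2Decode", b"/URI"]


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 for empty input, 8.0 max)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def unescape_names(data: bytes) -> bytes:
    """Resolve PDF name escapes such as /J#53 -> /JS before keyword matching."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def count_keywords(data: bytes, unescape: bool = True) -> Counter:
    """Whole-word counts: 'obj' does not match inside 'endobj', '/Page' does
    not match '/Pages', 'xref' does not match 'startxref'."""
    if unescape:
        data = unescape_names(data)
    counts = Counter()
    for kw in KEYWORDS:
        if kw.startswith(b"/"):
            pat = re.escape(kw) + rb"(?![A-Za-z0-9_])"
        else:
            pat = rb"(?<![A-Za-z])" + re.escape(kw) + rb"(?![A-Za-z0-9])"
        counts[kw] = len(re.findall(pat, data))
    return counts


def split_streams(data: bytes):
    """Return (bytes inside stream bodies, bytes outside them, stream count)."""
    inside, outside, pos = [], [], 0
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S):
        outside.append(data[pos:m.start(1)])
        inside.append(m.group(1))
        pos = m.end(1)
    outside.append(data[pos:])
    return b"".join(inside), b"".join(outside), len(inside)


def triage(data: bytes) -> dict:
    """Summarise a PDF the way the report's static tables do, plus flags."""
    counts = count_keywords(data)
    inside, outside, n_streams = split_streams(data)
    eof = data.rfind(b"%%EOF")
    flags = [k.decode() for k in RISKY if counts[k]]
    if counts[b"/ObjStm"]:
        flags.append("ObjStm present: counts are unreliable until object streams are inflated")
    if counts[b"/Encrypt"]:
        flags.append("Encrypt present: stream contents are opaque to this scan")
    return {
        "header": data[:8].decode("latin-1"),
        "total_bytes": len(data), "total_entropy": round(shannon_entropy(data), 6),
        "stream_bytes": len(inside), "stream_entropy": round(shannon_entropy(inside), 6),
        "outside_bytes": len(outside), "outside_entropy": round(shannon_entropy(outside), 6),
        "streams": n_streams,
        "eof_markers": data.count(b"%%EOF"),
        # Trailing whitespace after %%EOF is normal; anything else is appended data.
        "bytes_after_eof": len(data[eof + 5:].strip()) if eof >= 0 else len(data),
        "counts": {k.decode(): v for k, v in counts.items()},
        "flags": flags,
    }


def build_pdf(with_js: bool = False) -> bytes:
    """Constructed sample (not a file from the report): a minimal one-page PDF.
    The stream body is every byte value four times, standing in for compressed
    image data (entropy exactly 8.0). with_js=True adds an /OpenAction pointing
    at a JavaScript action whose names are #-escaped."""
    body = bytes(range(256)) * 4
    catalog_extra = b" /OpenAction 5 0 R" if with_js else b""
    js_obj = b""
    if with_js:
        js_obj = b"5 0 obj\n<< /S /Java#53cript /J#53 (app.alert(1)) >>\nendobj\n"
    parts = [
        b"%PDF-1.3\n",
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R" + catalog_extra + b" >>\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
        b"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R >>\nendobj\n",
        b"4 0 obj\n<< /Length " + str(len(body)).encode() + b" >>\nstream\n" + body + b"\nendstream\nendobj\n",
        js_obj,
        b"xref\n0 0\ntrailer\n<< /Root 1 0 R >>\nstartxref\n0\n%%EOF\n",
    ]
    return b"".join(parts)


if __name__ == "__main__":
    import json
    for label in ("benign", "with_js"):
        print(label, json.dumps(triage(build_pdf(label == "with_js")), indent=1))
```

Reading the report's numbers with this in mind: /Encrypt and /ObjStm are both 0, so the zero counts for /JS, /JavaScript, /OpenAction, /AA, /Launch and /EmbeddedFile cover the whole file rather than only the parts outside compressed object streams. The stream entropy of 7.86 over 10647 bytes is what compressed or image data looks like; with /Encrypt at 0 it is not a sign of encryption. Keyword counts are a triage filter, not a verdict: an exploit carried in a malformed image stream or font shows none of these names, which is why the dynamic run above still matters.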
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 11:00:47.841650009 CEST | 53 | 60997 | 1.1.1.1 | 192.168.2.5 |
Oct 8, 2024 11:00:47.966423988 CEST | 53 | 53572 | 1.1.1.1 | 192.168.2.5 |
Target ID: | 0 |
Start time: | 05:00:30 |
Start date: | 08/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 05:00:31 |
Start date: | 08/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 05:00:32 |
Start date: | 08/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |