Windows Analysis Report
bc3c228ad2c13f96cb14375c3860e802.pdf

Overview

General Information

Sample name:	bc3c228ad2c13f96cb14375c3860e802.pdf
Analysis ID:	1531083
MD5:	07e084068db2e3ec1b6947d358bdbdb7
SHA1:	4fe20678a003e1c40b813d34c8366c06b2b11b2a
SHA256:	eb89c56d79d28e97a2c4af49d6880586efe8933543bed5a65048ea5f481f00d8

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected landing page (webpage, office document or email)

Suspicious PDF detected (based on various text indicators)

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Classification

Signatures

Phishing

Suspicious PDF detected (based on various text indicators)

Source: Adobe Acrobat PDF

OCR Text: REES Tania DeAngelo has sent you encrypted PDF Document VIEW PDF DOCUMENT Microsoft respects your privacy. To learn more, please read our Privacy. Statement. Microsoft Corporation, One Microsoft Way, Redmond, WA 98052

Source: chrome.exe

Memory has grown: Private usage: 17MB later: 30MB

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.16:54567 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54567 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54567 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54567 -> 1.1.1.1:53

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.136.10

Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: spo.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: bitcentral.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: config.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: 0b2406163904f9da360672794dbfa8f8.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: tr-ooc-atm.office.com
Source: global traffic	DNS traffic detected: DNS query: upload.fp.measure.office.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54617
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54625 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 54621 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54621
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54620
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54625
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 54620 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54617 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443

Source: classification engine

Classification label: mal48.phis.winPDF@36/38@29/148

Source: bc3c228ad2c13f96cb14375c3860e802.pdf	Initial sample: https://bitcentral-my.sharepoint.com/:f:/p/atrang/eiizg32--6vgr5srw9sfi9kb0el4nsoa2uwqfbhpdbay6w?e=tebmo8
Source: bc3c228ad2c13f96cb14375c3860e802.pdf	Initial sample: https://bitcentral-my.sharepoint.com/:f:/p/atrang/EiIzg32--6VGr5srw9SfI9kB0el4nsoa2UWQFBHpDbAY6w?e=tebmO8

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6992

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-10 14-42-49-124.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\bc3c228ad2c13f96cb14375c3860e802.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=1576,i,18144995794146893563,2472083385036013340,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 51E4D9F6A0D8674E0FA63B14E99E1A98
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=1576,i,18144995794146893563,2472083385036013340,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitcentral-my.sharepoint.com/:f:/p/atrang/EiIzg32--6VGr5srw9SfI9kB0el4nsoa2UWQFBHpDbAY6w?e=tebmO8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1768,i,3636695552058561128,17798778156319188125,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitcentral-my.sharepoint.com/:f:/p/atrang/EiIzg32--6VGr5srw9SfI9kB0el4nsoa2UWQFBHpDbAY6w?e=tebmO8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1768,i,3636695552058561128,17798778156319188125,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: bc3c228ad2c13f96cb14375c3860e802.pdf	Initial sample: PDF keyword /JS count = 0
Source: bc3c228ad2c13f96cb14375c3860e802.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: bc3c228ad2c13f96cb14375c3860e802.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: bc3c228ad2c13f96cb14375c3860e802.pdf

Initial sample: PDF keyword obj count = 54

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: PDF document	LLM: Page contains button: 'VIEW PDF DOCUMENT' Source: 'PDF document'
Source: PDF document	LLM: PDF document contains prominent button: 'view pdf document'

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.98.228.50	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.206	unknown	United States	15169	GOOGLEUS	false
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.168.117.175	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.189.173.5	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
40.99.253.82	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.19.126.89	unknown	European Union	16625	AKAMAI-ASUS	false
20.42.65.85	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.189.173.16	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
54.144.73.197	unknown	United States	14618	AMAZON-AESUS	false
23.57.23.230	unknown	United States	16625	AKAMAI-ASUS	false
23.10.249.56	unknown	United States	20940	AKAMAI-ASN1EU	false
52.98.179.66	mira-ooc.tm-4.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
199.232.210.172	bg.microsoft.map.fastly.net	United States	54113	FASTLYUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.110.84	unknown	United States	15169	GOOGLEUS	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.186.163	unknown	United States	15169	GOOGLEUS	false
95.101.23.155	unknown	European Union	20940	AKAMAI-ASN1EU	false
13.107.6.163	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.17.22.113	unknown	European Union	16625	AKAMAI-ASUS	false
2.23.197.184	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.181.228	www.google.com	United States	15169	GOOGLEUS	false
52.123.138.73	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
95.100.50.221	unknown	European Union	16625	AKAMAI-ASUS	false
40.99.172.162	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.210.172	true
dual-spo-0005.spo-msedge.net	13.107.136.10	true
mira-ooc.tm-4.office.com	52.98.179.66	true
www.google.com	142.250.181.228	true
x1.i.lencr.org	unknown	unknown
0b2406163904f9da360672794dbfa8f8.fp.measure.office.com	unknown	unknown
r4.res.office365.com	unknown	unknown
upload.fp.measure.office.com	unknown	unknown
bitcentral.sharepoint.com	unknown	unknown
config.fp.measure.office.com	unknown	unknown
tr-ooc-atm.office.com	unknown	unknown
spo.nel.measure.office.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://bitcentral-my.sharepoint.com/personal/atrang_bitcentral_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fatrang%5Fbitcentral%5Fcom%2FDocuments%2FUSDCOE063628910&ga=1	false		unknown

ID:	1531083
Product:	CloudBasic
Start time:	20:42:13
Start date:	10.10.2024
Sample:	bc3c228ad2c13f96cb14375c3860e802.pdf
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	07e084068db2e3ec1b6947d358bdbdb7
SHA1:	4fe20678a003e1c40b813d34c8366c06b2b11b2a
SHA256:	eb89c56d79d28e97a2c4af49d6880586efe8933543bed5a65048ea5f481f00d8
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241010184251Z-168.bmp	PC bitmap, Windows 3.x format, 164 x -125 x 32, cbSize 82054, bits offset 54	35B745C4F07E3A5650C5C0C82A515A7D	E641E307469961B52C7CC2007AD2BC96631924C4	1B8F8D401BFC0E4A37345785B8E6D60662F01E17861660DCB39D11389897BA07
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2	A4D5FECEFE05F21D6F81ACF4D9A788CF	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal	SQLite Rollback Journal	CA9E19A069DEC201ECE9D7507E1DCC22	E2828A03F8A0B2B05260EDD48E5414EA331DE003	8D7CCFFDD99B3B3194B52AA923F067C0D6607E16D47B884349C1FCF4A5185FF5
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D	Certificate, Version=3	0CD2F9E0DA1773E9ED864DA5E370E74E	CABD2A79A1076A31F21D253635CB039D4329A5E8	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression	49AEBF8CBD62D92AC215B2923FB1B9F5	1723BE06719828DDA65AD804298D0431F6AFF976	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D	data	188AF1E8057D7A4A849358CCA021E093	04F3CFF9645564277580B2ADB4A50736E8B55880	8FCF912A93CE5289993ADA57FBED9B3FC4478ECCC615C0021EBB11F4015A2900
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	data	15558789107E05C5E570756E2AAF986C	7E2EBE24B2EB1C693A01A271F5281E5757977431	3EF68F9D7B9109EDCB31C6C720D141DA32D2BF32BE5D422F7A54802F146F5670
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6992	PostScript document text	94185C5850C26B3C6FC24ABC385CDA58	42F042285037B0C35BC4226D387F88C770AB5CAA	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)	PostScript document text	94185C5850C26B3C6FC24ABC385CDA58	42F042285037B0C35BC4226D387F88C770AB5CAA	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID	JSON data	AB3D7C1BE01FA8C61148681DC0E8790F	D3A7AF056B68B287B7E92A5E1E761BB84EC8468C	66B92BA5265D0BE4BB0285C55242EC2532861AB0ABC37191C44BAA5D68CD3D9E
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface	JSON data	9168D455D7F068FA5CEA21F7634450DD	97445297CC73EAD144A63E8265A12298CE3BDB37	53D05DDF295A93A6AA8EE73E567F68745174526EB1B61A6FC2618AF14F38F48C
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface	JSON data	9E722F8566845F58D3864D02D73B61F5	638BE79A7193AD95486FD5A25BE964E093EDA1F9	5853A5961E0A4AC39000A45D23A5DBB0E514FFE2F2B942D4BDF05119BC645A22
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD	JSON data	DB2BFC553E223DF94BF6EEC72AD00DC1	E13193255EC7BA08FEB5CB52ED057D72B7D44FC2	7171BA8701B757B523CB393DA4356F3BBB08CC8CBF3BB683CACED89077A173EC
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner	JSON data	AA613B9E56FF604760F3846D385B399A	292433C1C63EB24CD269D729475ABCC4C6A16839	CD0BFF295C5FE364D75B81CFAC50BDBF6FE5A4A948A0DB4BA8B75885F4D46B2C
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner	JSON data	626CB654DA33B306E77016BEB0ADB9F0	91844994B252B2246387B5E4598F99F947B14104	F7BF8FD6435D290DC84304DFA7AD38149C4D136A3EC32C7E05C71E3A75A9F369
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention	JSON data	2C8F393C92C8F3D73A3E437B268B0A8C	1A45C1C193AB6210376DE48F704DB15B24738303	F6D9C037EB482E3C76A1A045793A168AEA2645C9B3892C89B845CC05D5E5FB6A
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner	JSON data	174E75FE0D0767850A1F52A8219F1630	3FBD28891B35482DE3D84BD6B3D74E3A1CD3C4FB	B59FB1D540848EC6A89AA348311FD875DA1C5FBF95868DD837E1CBC3D6FB6438
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner	JSON data	9D559FF2A6E6F5C0FF1969705495ECA4	F55C9CE09314451B4E412892549640A97330FEF9	AAF12EF931F7D560EF9CF5C44E9785E0A2C3D1E7AD77549D2062C253F9C076BE
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner	JSON data	0FC646DF2742DC8300F213B9ADAC477C	1807943497C5E697FD24EC2B26712AE47C832F48	C279265AB67A1ECCB8A89625A728FEC9D77F26F8F912D32971DB05D44C5DE69C
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner	JSON data	91858F773C16AC360E3F915C55E02079	AB81DABBABB852D3F6A6012C0E1E79C0ABDA047F	F88080B7BDE592346F9AD6C6F7BF2BC7E5E3989E75E4988662E6EFC87F5A3FE9
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner	JSON data	028729E0293130264419392CF679283C	7BF0760F26A28652DFF7E559E411C7EEC87F75AA	59F239E1C7CFBD1C76E2E1664301605AE5CA0502E780EE93D3020128207BE83F
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention	JSON data	9447AF2549C2A778F11E59F6783CEE67	B2586751B072AF31883616D11BA00EB693EFA8D9	8F1FAF1A61F621342F622CC9E6C6FCB3F59E6B086806C78783036B2BA67C0F7E
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner	JSON data	6C8ACD4A1B5CB908C3C315D12829FE0D	7DD5EB63AF8D212737A77C00548E9AC98A4585BD	8084FE948E3EBBB605C08B4245569B28F70AB5295BE7991AF4052CDE46626A10
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards	JSON data	9AB181732FF1764356162E406FEEA4D8	11538FCB6761E8F127408BDE8182B6EB80BBBF1E	E7CF2D3CA50B0D7E822118A371FFEA4B7F4A209BFA31C321275D4E44BCA24F93
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020	JSON data	141D93A99B686B66B6881E8515B8E804	993BD0CB79F7C48E8CC1475429BB42AF2CDFF84A	DCEC3C42EC81381B590FAA0448907F0F7B373F960AD75D152E7AF9DD74932915
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING	data	DC84B0D741E5BEAE8070013ADDCC8C28	802F4A6A20CBF157AAF6C4E07E4301578D5936A2	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json	JSON data	278BD9E1E402EBA80EEB23383BA6FB43	7B22062D9E26E6C8C1923D0A6A75849554BF35F4	714D81DEF6734771A2FEA9E4639A6EC9E5CAC2ED99C267CDC7C9F22D008A2627
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19	86A22B295EBC6FB99E36A6F2B3EE2FAC	95EDF243034BEA22F9B009F4DCD5FCB3055265FA	EA41F8FE96591714772F4252BB3CA76BB1A3F67754F8D1E8FA58C08533A51C2E
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal	SQLite Rollback Journal	B4E5CA450ED84CD3B91BD3331AFFB9B7	E068DAA8B8E776801A34D5A87E699BAB349404F3	28E4660F3E04CFA7EE7C5E1FF6067533551A460103B09DF5040C4587416DC14A
C:\Users\user\AppData\Local\Temp\MSI53aac.LOG	Unicode text, UTF-16, little-endian text, with CRLF line terminators	F308E916E4D38D3D2E6D5EA1D6E9762D	B3E17EFB95BA38C44B395458F6749573A1A58461	2858A8E5A548EAEC1241B87268E777F47FA2770BCC6CBEE4075658B5D0DDF749
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-10 14-42-49-124.log	ASCII text, with very long lines (393)	91F06491552FC977E9E8AF47786EE7C1	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt	ASCII text, with CRLF line terminators	50122E73C9FF2CD4485056D88C6E7A79	B23B5CF98445C5CF5BE254FC5EAA4E5C2C1F631F	FD40ECD1FECBB3F4D563A99DA111659583A2DB43DA13D3C2E0DD8BB4FC7575C6
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:44:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	893C12B7D9C3D29E9AE991E8D31171C5	9E263C52B23888640B04A27F7F9CC1200D22EF37	349017D1847A6F92BD7462DC909DAE250DB178F244CC85FB37A1AD5D771E289B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:44:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	52F369632B67EFF22715D2CE0EECFE58	A55D7904B73532E8D16997DB3FE44CFA0EFB36A9	B4EE63C01EAF4351CCF00C604AA58E560276BAF0A351CF907DE55ECE06ADBAE8
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	04103086094462ABF6A063E29A78ADA7	4ABE30730F86910649A1616D14E55593FAD0FFA6	46F276F0A5F95B13E8D44151C5161BF0F3221CCDC7450D54F7FC5423678F0AE2
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:44:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	45DD1F6C1F61968368099A0D3897C209	17250F28D916C069A19B11FF0A4F0E81F1EE3E4F	65D52D06D0630CDE08BB5305ADA535518C8E485FFC2762251A0F4D47B8492ECA
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:44:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	A7373F2909ACEEE8099B3BF1EAD69090	9AB4425DC13A060FCD5F04370D57B607E7FA7FC5	E7BC74489A7732C2712723DA9CB6F0889ED576429D0907F448CECA9617DC3662
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:44:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	D649A28FC9A3D6F95DB563FAA99677BC	2605F4E8E909179CECA33C9643A30088E24FB0C4	E40B94BF62E9987A6E4EDB53D96AFE92319E84D331AEEAD929164CAB0284B99C

Windows Analysis Report
bc3c228ad2c13f96cb14375c3860e802.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Software Vulnerabilities

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report bc3c228ad2c13f96cb14375c3860e802.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Software Vulnerabilities

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
bc3c228ad2c13f96cb14375c3860e802.pdf