Windows
Analysis Report
Certificate of Insurance (5).pdf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 5832, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Certificate of Insurance (5).pdf", MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6912, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215, MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6660, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1244,i,8890678840112915992,8546427508451947814,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8, MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature hits (count):
- DNS query (2)
- UDP traffic detected without corresponding DNS query (2)
- DNS traffic detected (1)
- String found in binary or memory (3)
- Classification label (1)
- File created (2)
- Key opened (1)
- Process created (14)
- Window detected (1)
- Initial sample (6)
- Process information set (8)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
x1.i.lencr.org | unknown | unknown | false | unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1537106 |
Start date and time: | 2024-10-18 15:12:32 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 15s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Certificate of Insurance (5).pdf |
Detection: | CLEAN |
Classification: | clean0.winPDF@14/28@2/0 |
EGA Information: | Failed |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 23.22.254.206, 54.227.187.23, 52.202.204.11, 52.5.13.197, 162.159.61.3, 172.64.41.3, 199.232.214.172, 2.19.126.143, 2.19.126.149, 2.23.197.184, 88.221.168.141, 2.16.100.168, 88.221.110.91
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: Certificate of Insurance (5).pdf
Time | Type | Description |
---|---|---|
09:13:53 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
bg.microsoft.map.fastly.net | malicious | Strela Downloader |
 | malicious | LummaC |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | TechSupportScam |
 | malicious | Sality, XWorm |
 | malicious | Unknown |
 | malicious | Snake Keylogger, VIP Keylogger |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.214796883936732 |
Encrypted: | false |
SSDEEP: | 6:hn4gU9+q2PqLTwi2nKuAl9OmbnIFUt8Wn4G6XJZmw+Wn4G6X9VkwOqLTwi2nKuAR:h4n4v8wZHAahFUt8W4G6XJ/+W4G6XD5t |
MD5: | B0B558D823536B233E03493E167D6A0D |
SHA1: | E6B894D8ABB19FDF6AAD601979D8290702F69547 |
SHA-256: | 348CE0A4C422A7F287F9D228789FED856C016312A05670FE330195F76FE290D3 |
SHA-512: | 3AA6A33F4E5963E89AAD3A277E3EF73368B59C8BD0F2086D5BA96815AB36038540D1C83E1B438CC47A117FFBD400F9EE20F9333729063EA7C9F2D60EC8A151CF |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.214796883936732 |
Encrypted: | false |
SSDEEP: | 6:hn4gU9+q2PqLTwi2nKuAl9OmbnIFUt8Wn4G6XJZmw+Wn4G6X9VkwOqLTwi2nKuAR:h4n4v8wZHAahFUt8W4G6XJ/+W4G6XD5t |
MD5: | B0B558D823536B233E03493E167D6A0D |
SHA1: | E6B894D8ABB19FDF6AAD601979D8290702F69547 |
SHA-256: | 348CE0A4C422A7F287F9D228789FED856C016312A05670FE330195F76FE290D3 |
SHA-512: | 3AA6A33F4E5963E89AAD3A277E3EF73368B59C8BD0F2086D5BA96815AB36038540D1C83E1B438CC47A117FFBD400F9EE20F9333729063EA7C9F2D60EC8A151CF |
Malicious: | false |
Reputation: | low |
File: | C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.176010594106898 |
Encrypted: | false |
SSDEEP: | 6:hny6SVq2PqLTwi2nKuAl9Ombzo2jMGIFUt8WnyQOagZmw+WnyvIkwOqLTwi2nKuA:hDSVv8wZHAa8uFUt8W/g/+WsI5TwZHAv |
MD5: | F721E133CB92213BED8BC35B8E54F13B |
SHA1: | A3F583E96B77248EE09303F47FF47572A3711FA2 |
SHA-256: | 46DF9F479A416FAEB05FC9D3F968859DFF8BBB468332367066CA5A7612AEA918 |
SHA-512: | EBB78D2D27B23D19201D515A16518912543582E329DD4EAF5C8D6CC3AB114CF401BE890E6AE9658E4DB6EDE648113565C2A7096D133D5672B8698F457C0F78D5 |
Malicious: | false |
Reputation: | low |
File: | C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy) |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.176010594106898 |
Encrypted: | false |
SSDEEP: | 6:hny6SVq2PqLTwi2nKuAl9Ombzo2jMGIFUt8WnyQOagZmw+WnyvIkwOqLTwi2nKuA:hDSVv8wZHAa8uFUt8W/g/+WsI5TwZHAv |
MD5: | F721E133CB92213BED8BC35B8E54F13B |
SHA1: | A3F583E96B77248EE09303F47FF47572A3711FA2 |
SHA-256: | 46DF9F479A416FAEB05FC9D3F968859DFF8BBB468332367066CA5A7612AEA918 |
SHA-512: | EBB78D2D27B23D19201D515A16518912543582E329DD4EAF5C8D6CC3AB114CF401BE890E6AE9658E4DB6EDE648113565C2A7096D133D5672B8698F457C0F78D5 |
Malicious: | false |
Reputation: | low |
File: | C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy) |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.9707925746743955 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqy99TksBdOg2Hphcaq3QYiub5P7E4T3y:Y2sRdspTJdMHpY3QYhbt7nby |
MD5: | 7673374D3AFB990FDE42EA8B5723D6D6 |
SHA1: | 0C08EC604846D4C1CD02FBE7114BF37C2A60101C |
SHA-256: | A043947CFC5FAC1A5052788176F37D835680AC53E7CDA0A7093FC5BC12242588 |
SHA-512: | 30609CF6292966FC40768C15C18F2C666E5A9811597DD5CE6097F363907DA11A3899E4ACB21B71C570B88DB6C167B1293F4B2A922F06CD8E5D3FF7D4DBD4F39A |
Malicious: | false |
Reputation: | low |
File: | C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bebefcf5-13dd-43f0-a3ce-19f66c2e1369.tmp |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.9707925746743955 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqy99TksBdOg2Hphcaq3QYiub5P7E4T3y:Y2sRdspTJdMHpY3QYhbt7nby |
MD5: | 7673374D3AFB990FDE42EA8B5723D6D6 |
SHA1: | 0C08EC604846D4C1CD02FBE7114BF37C2A60101C |
SHA-256: | A043947CFC5FAC1A5052788176F37D835680AC53E7CDA0A7093FC5BC12242588 |
SHA-512: | 30609CF6292966FC40768C15C18F2C666E5A9811597DD5CE6097F363907DA11A3899E4ACB21B71C570B88DB6C167B1293F4B2A922F06CD8E5D3FF7D4DBD4F39A |
Malicious: | false |
Reputation: | low |
File: | C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4288 |
Entropy (8bit): | 5.220810184404041 |
Encrypted: | false |
SSDEEP: | 96:GICD8SBCmPAi8j0/8qbGNSwPgGYPx8xRqhm068OzzhDze+qH4DwHGpZ:1CDLCmPj8j0/8qKgwPHYPx8xemT8Ozzj |
MD5: | 87DBA11A291304A66DE697F78E6889D0 |
SHA1: | 39C24AC22CB55FC16035D7FFEDCD0C1CE63F7E7F |
SHA-256: | 2C2EB010326A3D72705D51F64D994B542BA35FC8BD7386FFF25E45FE41CE6624 |
SHA-512: | AE898C120580A78E35710B960874ECD6D07D74AF2A7DCADBE080F70CDA5EFE15ECB691A6671FAB7EB530930740A6AF209323B98639409F19F015AE77BD77C0AE |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.131451180026295 |
Encrypted: | false |
SSDEEP: | 6:hnN3YVq2PqLTwi2nKuAl9OmbzNMxIFUt8WnNVSgZmw+WnNX0SIkwOqLTwi2nKuAo:hJYVv8wZHAa8jFUt8WKg/+WF3I5TwZHP |
MD5: | EBA4CE3DE4A46120205AE913A9E1A417 |
SHA1: | AAC924B934CAECA541C07AFA1461848ABEE71D01 |
SHA-256: | 1C8DC150FC19BD2B8280ED8457D6FBFB67D3C332F36F261DD708AC584D94984A |
SHA-512: | 5CC7DD8D41AF5AF65AC76FFD277A85DFF8B6697C3FC8F30F49D74FD200C707F70ABC3B760ABF7DD7A3ABF4B65E384321EED42952C93D5781F40A617E6DA78942 |
Malicious: | false |
Reputation: | low |
File: | C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy) |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.131451180026295 |
Encrypted: | false |
SSDEEP: | 6:hnN3YVq2PqLTwi2nKuAl9OmbzNMxIFUt8WnNVSgZmw+WnNX0SIkwOqLTwi2nKuAo:hJYVv8wZHAa8jFUt8WKg/+WF3I5TwZHP |
MD5: | EBA4CE3DE4A46120205AE913A9E1A417 |
SHA1: | AAC924B934CAECA541C07AFA1461848ABEE71D01 |
SHA-256: | 1C8DC150FC19BD2B8280ED8457D6FBFB67D3C332F36F261DD708AC584D94984A |
SHA-512: | 5CC7DD8D41AF5AF65AC76FFD277A85DFF8B6697C3FC8F30F49D74FD200C707F70ABC3B760ABF7DD7A3ABF4B65E384321EED42952C93D5781F40A617E6DA78942 |
Malicious: | false |
File: | C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241018131346Z-207.bmp |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.9702631883255544 |
Encrypted: | false |
SSDEEP: | 96:U7y9rKHa0qlY7Az455bVMMJ9Hz51D4bogy7MQi7MEevY:U7jqYAk5p9zcfmg |
MD5: | A8DD62860C383F6F48483C25D8633DB6 |
SHA1: | B0CBCBA8E4476F042F37A41967D71CA4E68A5AE3 |
SHA-256: | FE993C514A9690036E25A44FE6BE927E69B3C9ECC66693D2F2CF746ACFECDB5B |
SHA-512: | 477C7347EB55EF6997AC5E7D963C897CB7084EF54A73CC429FA6F8C921A97701784361762F6C6E08BDC2195451AFF43089DAD479BE694B4B06363A5D97049095 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.438537548586652 |
Encrypted: | false |
SSDEEP: | 384:ye+ci5GViBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:pZurVgazUpUTTGt |
MD5: | EF34FE299EF6B74145978698991CE769 |
SHA1: | 1C5BC5342139A780B772EB9CF21BDF66328DD772 |
SHA-256: | 34937D560C2B7082DC0AEC85661F918E6FC4C8A268E76C901DBBA275ED0E3416 |
SHA-512: | A79FCB72EE21A3ABD3DAE362218E24B1021848E6614DD51430074F0B4E42BC859F32C4E397498AD748D8DE7965B5335B37ED191B1EF4EDFA608FC9FA2090847A |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7689065370129997 |
Encrypted: | false |
SSDEEP: | 48:7M9JioyV8ioyCoy1C7oy16oy1eKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1OH:7SJu8StXjBiKb9IVXEBodRBkP |
MD5: | 200640CCCA601D2DFAE56C2870E7F00C |
SHA1: | 1CBD10011EB3AC1A2B54B742C227EC5F7ABAD054 |
SHA-256: | 40E8D5B28AD32FA18D14600A42E110DBC137E9F6E6C576FD45C772098CFDDECF |
SHA-512: | 55C97D120C2D4C115FD846E6EA101A9F8810B633F6FBB76AC043068C8A68AA31A072837ED550181FD4FC6B9FF3453275742716B1F00C2474925B17EE7B2BE521 |
Malicious: | false |
File: | C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
File: | C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
File: | C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.766862344522533 |
Encrypted: | false |
SSDEEP: | 3:kkFkl8J8UfllXlE/HT8kbtNNX8RolJuRdxLlGB9lQRYwpDdt:kKlqT88TNMa8RdWBwRd |
MD5: | 8E12ACCB0F8028980007BC2018D6C30E |
SHA1: | 9023BBCAAFB91D8501D9A8E74DDFB84FC6B993B0 |
SHA-256: | 4A0BDD7EB9E606CBFCF243AE3577D6F4B50FD51342B9F45317AF60C01126459E |
SHA-512: | 523CB90B28C5E2D06FCB722A0CDC170200950600C92BB9920571A2ABD5EE261EF81D52A397FD5BAD757954558D7A8A1BFBDC047DD44441B87FA9F7D0DCBAAA66 |
Malicious: | false |
File: | C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.253995428229511 |
Encrypted: | false |
SSDEEP: | 6:kKhF9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:ZsDImsLNkPlE99SNxAhUe/3 |
MD5: | 37C31A91F36B38EBBA438C57B048E01C |
SHA1: | 517BC8D605B16BA585F3B2408AE2F05E8C3D3C9C |
SHA-256: | BA8C85D941B301083D119A29093AC1ABE4A26BF7BB496B0EA0AFCE5969CBCFDC |
SHA-512: | 1B848CCBCB412C28002D87A7801D900F5A809F84C5B3D7D654C5DF94C6D6D31FCB173826C2F9C6707F4A8B3AEBF64C25E5C1629E5DC26454C81FCD506E3209E3 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 2145 |
Entropy (8bit): | 5.07680959612068 |
Encrypted: | false |
SSDEEP: | 48:YBN8+pREYgPrbyyCHzqi/Sai05iCdskaG:s21izifCekh |
MD5: | B4FAAEB19BB4BCB4005023D4AF204474 |
SHA1: | C3EFF5B0F9B3D9CBEE46B0527DB1F68087BB1AF7 |
SHA-256: | 0FA835026CAE5D66321E0511EF37E5B33B9AE4EEA7C97E1110AF9BC12F8025CA |
SHA-512: | 6285B59E58BAB6A2F0871AED09ACD783036CB6BE603B3C43E2BB6FB3B39BAFDC0C271306F90C48C2246DB6F905B5B65ECDC0F6390DD8341515AE524D148CB45F |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.3663511812813047 |
Encrypted: | false |
SSDEEP: | 24:TLBx/XYKQvGJF7urs9S6bqyKn6ylSTofcNqDuyKXKdqEKfS8EKfM1baqKF:Tll2GL7msMcKTlS8fcsuyRfIqa |
MD5: | 5762D2976CF14E85DAD54C848D88E646 |
SHA1: | 5DBF4C813ADBEC1AC34EACBBF68EAEEC0191EC5E |
SHA-256: | F6480A2E1C9812C9FEC7AB52C2B37EB3132C14EFFA1206B2B1788F9F5CF43050 |
SHA-512: | 10A73E3A097A5E448C8568434512AC59682CAFAF86C5BBC0C73B2B146E0E4AA031F2C369BD0FCF7013395A0F00872ADB8CCF801E2C612ACB5FDAD18BDD41A620 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.8433423944800031 |
Encrypted: | false |
SSDEEP: | 48:7MUZGcKTlS8fcsuyAfIWRqGufl2GL7msH:7MDfcshuJKNVmsH |
MD5: | 52050F6C0363C414BAB840D25090FD4C |
SHA1: | 3CD106F32A1BAF9F84C5F36461D0F5A6152D599C |
SHA-256: | 11D5CA602BD6AB2A21F99F5B2CAEE888457D07FF90A6DB47FCE06AC4C50A75A1 |
SHA-512: | F52AF4044CEA81CF018ACD8B376EA73690A7850845C0839313DA48749713A9BFBCBC35F426BAC19182A4E61118475F45CE37DC0E1D6ABF55573B74F43A557D23 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.529459928009153 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKRasw:Qw946cPbiOxDlbYnuRKSQ |
MD5: | 43EFB73DE58414B1F217B09D1F71A11F |
SHA1: | 26B3F3D86E8D82BD834763C94B74E76BBE86A863 |
SHA-256: | 99DBF566FBC55614102D99736349664388FA959A2E8C75E705BDAACF415414E4 |
SHA-512: | 017EFE3DBA2C0B6158A0F620964EEC82EDDCA82A853F569B321CA4E9BEF960A76491A9E42D3E2D533B32D42FEE4FF307D688138DD8BFB5E492B45941F74EAAFE |
Malicious: | false |
File: | C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-18 09-13-42-804.log |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.330589339471305 |
Encrypted: | false |
SSDEEP: | 384:usQfQQjZyDzISMjg0svDBjA49Y0/sQHpMVhrSWD0Wny6WxIWd44mJmtaEKHvMMwh:Ink |
MD5: | 5BC0A308794F062FEC40F3016568DF9F |
SHA1: | 14149448191AB45E99011CBBEF39F2A9A03A0D15 |
SHA-256: | 00D910C49F2885F6810F4019A916EFA52F12881CBF1525853D0C184E1B796473 |
SHA-512: | CF12E0787C1C2A129BE61C4572CF8A28FC48039B2ADFD1816E58078D8DD900771442F210C545AD9B3F4EAEC23F6F1480F7BBF262B6A631160B20D0785BC17242 |
Malicious: | false |
File: | C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 15113 |
Entropy (8bit): | 5.370327488686664 |
Encrypted: | false |
SSDEEP: | 384:S2ybCCEMWQHHQF8+gBkfIFCTbE7cp6CPMP4MW+OC7E606sTRZiN8bwbSnbFDa/PH:GSc |
MD5: | 9F8337DFD945E7CEBA135B815FC9032F |
SHA1: | 3940D63AB606792289C7957C02BE21D10394AC25 |
SHA-256: | 022F9CDA3053864483CED986A2F07DD694E73106B9224296FB13EFE06A9199C5 |
SHA-512: | 521973334EA573024A246D9490848F2875E8F9B4C43CCECEA0F37F388CF1A288D46954987BDA2A035A4587A76917D48F944895F9000DACE75B5A674C8C90B5BD |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.391215080159019 |
Encrypted: | false |
SSDEEP: | 192:icbENIn5cbqlcbgIpLcbJcb4I5jcbKcbQIrxcbmlcbmIW8cbh:8qnXopZ50r6Wz |
MD5: | DE2C39CB8DE94C10239B68F0EBE38BD8 |
SHA1: | E3C491176656374F120A34B0ABB614DBF97B267E |
SHA-256: | 29246C8F646FF4B88835C088E443A28E3FFD2F84AD0767607078E2812806EDC6 |
SHA-512: | 803436B3B5E8EF460DE380FAD4742CAFF0533908B531E11C54126C8C12776F4109EA1B0FF99367E8541772EE893726E27B72CE1ACC49B31AF89B4FEB9ED04329 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/nZwYIGNPgeWL07oYGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:fZwZG/WLxYGZN3mlind9i4ufFXpAXkru |
MD5: | 1F3D69524A9D7E17BD2363C81D130F1A |
SHA1: | C2A4A08839CBA47BEE2B601975F7C4F0CC191091 |
SHA-256: | D0FFBEC8502A0BE88A99F6708987658FEBE4CF3B6B79AF219C53EFF6458F9D9D |
SHA-512: | A4CBE7073A7CB4C5E33E1CD903CCD7F24B78A04C037BFA1D90D9A5BBD12AF60E3DFFD6546277D1B765CA1DAC1CDA28D24D3454C81952B72D97CAF84DF395E99A |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/I+wYIGNP4bdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07mWL07oXGZd:LwZG6b3mlind9i4ufFXpAXkrfUs0CWLk |
MD5: | F5279DA3659F1FDF155BE793A409106A |
SHA1: | B389FCDB8832ABD4BC4A06CB7E97107FC5E139EA |
SHA-256: | 4926C6879266E3E2301A1823FE1FF8772B1FA7A33163224B1B5C2695A0E372CA |
SHA-512: | 07CA1BF523F22967695DF263E7477135C69F5B9F6B612B8037F9434C099F5BE132957DAC9619F13F97FDDD6A543E78D395755F7BB644B34D864C46239F7DDAD6 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Entropy (8bit): | 7.15093788992401 |
File name: | Certificate of Insurance (5).pdf |
File size: | 94'593 bytes |
MD5: | 8c076b5bf5f8f6183ee7896e8dcf30db |
SHA1: | 8f9bdbebcb24637c6d88e69576f0f343859d593f |
SHA256: | 919a3f484ac525845930707a0c0595986e1e66bd632e8de46fa016e3f46844b4 |
SHA512: | 5761ff3d0518b4b49650a280f88a2d3fae6146cbd8643cfcf1d5213426ea2fa2808a662ffc61be69355c4c8853fd789b26496541bd9d097a6f6337eb2214d547 |
SSDEEP: | 1536:iCrWVeL3+SMOg5OVByYT537QUtiGba2tMXW:SZSUCV5s2a6MXW |
TLSH: | 21934C5E8AAF34DCD48B88D4EC663145130DB2F6FBBB355A363C45607389A868E473D2 |
File Content Preview: | %PDF-1.4.%.....1 0 obj.<<./Length 3160./Subtype/XML./Type/Metadata.>>.stream.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c017 91.164464, 2020/06/15-10:20:05 ">. <rdf:RDF xm |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.150938 |
Total Bytes: | 94593 |
Stream Entropy: | 7.680910 |
Stream Bytes: | 61017 |
Entropy outside Streams: | 5.078270 |
Bytes outside Streams: | 33576 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 143 |
endobj | 143 |
stream | 132 |
endstream | 132 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams
ID | DHASH | MD5 |
---|---|---|
14 | 2349184757294c3b | a0e42dfc9b14c4be1dc59c9b48c0d20f |
141 | 061511b7346870c0 | b64290325c48c80e985369e9b78dbf61 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 18, 2024 15:13:53.711018085 CEST | 53461 | 53 | 192.168.2.9 | 1.1.1.1 |
Oct 18, 2024 15:14:07.770247936 CEST | 59672 | 53 | 192.168.2.9 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 18, 2024 15:13:53.711018085 CEST | 192.168.2.9 | 1.1.1.1 | 0xcf94 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 18, 2024 15:14:07.770247936 CEST | 192.168.2.9 | 1.1.1.1 | 0xff0a | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 18, 2024 15:13:51.058012009 CEST | 1.1.1.1 | 192.168.2.9 | 0x8fb2 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Oct 18, 2024 15:13:51.058012009 CEST | 1.1.1.1 | 192.168.2.9 | 0x8fb2 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Oct 18, 2024 15:13:53.718918085 CEST | 1.1.1.1 | 192.168.2.9 | 0xcf94 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 18, 2024 15:14:07.778544903 CEST | 1.1.1.1 | 192.168.2.9 | 0xff0a | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 09:13:39 |
Start date: | 18/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6153b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 09:13:40 |
Start date: | 18/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61f300000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 09:13:41 |
Start date: | 18/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61f300000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |