Windows
Analysis Report
INV_52974613.pdf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 2300 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\INV_52974613.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
  - AcroCEF.exe (PID: 3032 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    - AcroCEF.exe (PID: 6880 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1500,i,9647658906102425964,9160439233810104032,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature hits (all benign; the per-row source and detail cells are empty in this copy of the report):
- DNS query (1)
- UDP traffic detected without corresponding DNS query (1)
- DNS traffic detected (1)
- String found in binary or memory (2)
- Classification label (1)
- File created (2)
- Key opened (1)
- Process created (14)
- Window detected (1)
- Initial sample (5)
- Process information set (9)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
x1.i.lencr.org | unknown | unknown | false | unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1540338 |
Start date and time: | 2024-10-23 16:58:26 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | INV_52974613.pdf |
Detection: | CLEAN |
Classification: | clean0.winPDF@14/27@1/0 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 18.207.85.246, 107.22.247.231, 34.193.227.236, 54.144.73.197, 162.159.61.3, 172.64.41.3, 95.101.148.135, 2.23.197.184, 2.19.126.143, 2.19.126.149, 93.184.221.240
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com, wu.azureedge.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, fs.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, geo2.adobe.com
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: INV_52974613.pdf
Time | Type | Description |
---|---|---|
10:59:39 | API Interceptor |
Input | Output |
---|---|
URL: PDF document, Model: claude-3-haiku-20240307 | {"contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": ["BILL TO", "DATE", "INVOICE #", "PAYMENT TERM"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false} |
URL: PDF document, Model: claude-3-haiku-20240307 | {"brands": ["obe Fitness"]} |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.236062186426163 |
Encrypted: | false |
SSDEEP: | 6:hxGBv4q2PCHhJ2nKuAl9OmbnIFUt8yxeJZmw+yxeDkwOCHhJ2nKuAl9OmbjLJ:6KvBHAahFUt8//+t56HAaSJ |
MD5: | 38CBDB2330B3599C190C12288932AECE |
SHA1: | 39EF9C913A272183F5CA6AEE426A2C8A3F930E0A |
SHA-256: | 755B9CAA82A571FAA274B18CA032864B6E99004CF670D7908335C384CF40B9B0 |
SHA-512: | 0979859231ED2B6E48D343DFBCF7DB457CC9FCE1861714BC1D5DAB992E2F67E4F02AE2EEEF703984B59E841D4766BBCEC595F56F0F026BB92B9AC87979A95B66 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.236062186426163 |
Encrypted: | false |
SSDEEP: | 6:hxGBv4q2PCHhJ2nKuAl9OmbnIFUt8yxeJZmw+yxeDkwOCHhJ2nKuAl9OmbjLJ:6KvBHAahFUt8//+t56HAaSJ |
MD5: | 38CBDB2330B3599C190C12288932AECE |
SHA1: | 39EF9C913A272183F5CA6AEE426A2C8A3F930E0A |
SHA-256: | 755B9CAA82A571FAA274B18CA032864B6E99004CF670D7908335C384CF40B9B0 |
SHA-512: | 0979859231ED2B6E48D343DFBCF7DB457CC9FCE1861714BC1D5DAB992E2F67E4F02AE2EEEF703984B59E841D4766BBCEC595F56F0F026BB92B9AC87979A95B66 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 335 |
Entropy (8bit): | 5.187654188373404 |
Encrypted: | false |
SSDEEP: | 6:hxSQWM+q2PCHhJ2nKuAl9Ombzo2jMGIFUt8yxjSG1Zmw+yxjSQWMVkwOCHhJ2nK3:j+vBHAa8uFUt8u11/+u3V56HAa8RJ |
MD5: | 405FCD3B06D1BF8201C562E818813140 |
SHA1: | 36E1D82F642E816A94C3AAC2EE415B8645425D3B |
SHA-256: | E265C149081C95B7192B892FAC206E075E2B58F43B0BE5B379ECB53DEE10B4BF |
SHA-512: | 92716234168E16D09586E20920752990A86087B39C466FFF8F8FBEFD03CFCC71A536EE9FE37EA2286F909B913C02152D42C6D1F975D925D40AE52691FA4FE6C4 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 335 |
Entropy (8bit): | 5.187654188373404 |
Encrypted: | false |
SSDEEP: | 6:hxSQWM+q2PCHhJ2nKuAl9Ombzo2jMGIFUt8yxjSG1Zmw+yxjSQWMVkwOCHhJ2nK3:j+vBHAa8uFUt8u11/+u3V56HAa8RJ |
MD5: | 405FCD3B06D1BF8201C562E818813140 |
SHA1: | 36E1D82F642E816A94C3AAC2EE415B8645425D3B |
SHA-256: | E265C149081C95B7192B892FAC206E075E2B58F43B0BE5B379ECB53DEE10B4BF |
SHA-512: | 92716234168E16D09586E20920752990A86087B39C466FFF8F8FBEFD03CFCC71A536EE9FE37EA2286F909B913C02152D42C6D1F975D925D40AE52691FA4FE6C4 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\55c36882-304b-493a-b02d-65ea146f4cfd.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.970426470692803 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqjQnIMpEsBdOg2H+Y2caq3QYiub6P7E4T3y:Y2sRds0CdMH+YJ3QYhbS7nby |
MD5: | 3611187F2FEE61373130B271E4438C34 |
SHA1: | 58BE918E03126BA434F7D1A8906D15C33786BAD3 |
SHA-256: | EDA21F4544FABDC47A907E8D9E681F0D9189EE6F4924C62C49079352B49A6587 |
SHA-512: | 44CF2BE275392DB6891DBBC39923EF58FCAA84581BABC71E28A655365D2278B679FC1177A543555D8DF97C0DB1AE67E6CE0FE91A1FCBF53C31C3B866F1D1F626 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.970426470692803 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqjQnIMpEsBdOg2H+Y2caq3QYiub6P7E4T3y:Y2sRds0CdMH+YJ3QYhbS7nby |
MD5: | 3611187F2FEE61373130B271E4438C34 |
SHA1: | 58BE918E03126BA434F7D1A8906D15C33786BAD3 |
SHA-256: | EDA21F4544FABDC47A907E8D9E681F0D9189EE6F4924C62C49079352B49A6587 |
SHA-512: | 44CF2BE275392DB6891DBBC39923EF58FCAA84581BABC71E28A655365D2278B679FC1177A543555D8DF97C0DB1AE67E6CE0FE91A1FCBF53C31C3B866F1D1F626 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4288 |
Entropy (8bit): | 5.2351679128812485 |
Encrypted: | false |
SSDEEP: | 96:S4bz5vsZ4CzSAsfTxiVud4TxY0CIOr3MCWO3VxBaw+b/scNqARQeNJJRZ:S43C4mS7fFi0KFYDjr3LWO3V3aw+b0c3 |
MD5: | 7CB4284703C620C8CF9100A6CB9DFF79 |
SHA1: | 8B5EB1A343A09E4305EBA7D6EE620CFFD0A24DBF |
SHA-256: | 26554E29EF4F9FDFCC22E75DE66F4E4DA64D9E017FF3A65310101BC120A5FE35 |
SHA-512: | EAFA29ED54B850752B5B92C0694D57C454B13BC3C2728691984407E9C33D0ED2B7D0DFFE52943AF02845CC7F249199980982313947A27B5B8035BE28611322FB |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 323 |
Entropy (8bit): | 5.183373499384324 |
Encrypted: | false |
SSDEEP: | 6:hxH0FEwQWM+q2PCHhJ2nKuAl9OmbzNMxIFUt8yxHtSG1Zmw+yxH+NAQWMVkwOCHS:YFEN+vBHAa8jFUt8G1/+V9V56HAa84J |
MD5: | 733ED71EEAE468D8BBEA82157E20C9E6 |
SHA1: | 63BC57C8F173258F1B8926BBB21CA8D9FCE02552 |
SHA-256: | 455CEE1197EAF6DE358EECEF055279690956588B99A1BA85D8A93AA33E1EA352 |
SHA-512: | 24F4521ABF8AF266290161EE3A3241729AAFEE4CB8671B6FFFD9043FD6342C86D718B89AB36024B53DD0B35C4FBD1B09642EDAB62770AC57B669DDB87C64060B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 323 |
Entropy (8bit): | 5.183373499384324 |
Encrypted: | false |
SSDEEP: | 6:hxH0FEwQWM+q2PCHhJ2nKuAl9OmbzNMxIFUt8yxHtSG1Zmw+yxH+NAQWMVkwOCHS:YFEN+vBHAa8jFUt8G1/+V9V56HAa84J |
MD5: | 733ED71EEAE468D8BBEA82157E20C9E6 |
SHA1: | 63BC57C8F173258F1B8926BBB21CA8D9FCE02552 |
SHA-256: | 455CEE1197EAF6DE358EECEF055279690956588B99A1BA85D8A93AA33E1EA352 |
SHA-512: | 24F4521ABF8AF266290161EE3A3241729AAFEE4CB8671B6FFFD9043FD6342C86D718B89AB36024B53DD0B35C4FBD1B09642EDAB62770AC57B669DDB87C64060B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241023145929Z-179.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 2.7684059563908505 |
Encrypted: | false |
SSDEEP: | 384:Nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn3:gk8e |
MD5: | 6830DA816ADBCDDA72A1704E74577E22 |
SHA1: | D247C7780725B054D4E548D8FF8237F81048F236 |
SHA-256: | DC2C0543F37EAAEE07345608D17CF359F7660A7E2BEFD40E1D5B1ABAEE1744CF |
SHA-512: | 632347F8808BACE98881F2E711ED98994EAC3FCB3D97B039BD92BAC386A01DE68C477AD860322E56D694107B1AE639D51748152967AE4B31B92F7074240D8C1E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.721199734775717 |
Encrypted: | false |
SSDEEP: | 3:kkFkldlkfllXlE/HT8kG7l1NNX8RolJuRdxLlGB9lQRYwpDdt:kK+T8Rl7NMa8RdWBwRd |
MD5: | 14F31DD822FFE02438E06767E1E37E70 |
SHA1: | AA148E33A34D8FDFA8FCC56E3D71B504E1C0E637 |
SHA-256: | 355708E83CA92B3B1231735B7AC7850D43164C7B35ABD55DF843F11D185380E9 |
SHA-512: | AB070C6246F02109899A8AE23D8FFB69744CEF29C7833D6FF60D6F4F6B4257A6F180DCE0C8A1394395E312D4137E4306999CC760FAC518CE677C1AB1FACE6C06 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.150184159866505 |
Encrypted: | false |
SSDEEP: | 6:kKibElD9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:KElaDnLNkPlE99SNxAhUe/3 |
MD5: | B0252E6376EFFDB5DF9FFD47B3A94026 |
SHA1: | D028C6396EFE52DBCC9A5E11C8121ADB93A1A07E |
SHA-256: | 73B32CC8741F5D567E1865610F8B8303B8E70EE44261F426C60812F1CED7375F |
SHA-512: | F43F2608131C91544AE8383F216AE7EFA3849346EFCCE38D881925C6C76A5AA6B36E3600B282372F385CEC6C5C69F7351EE3C4D133FDFA5A5705103F01CCB990 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2145 |
Entropy (8bit): | 5.070681568267094 |
Encrypted: | false |
SSDEEP: | 48:Y+o+eHIYH8TFSGTFXwiTFgCTF3bTFDL0ToT3UTpNMaTN:MhoJLWNMu |
MD5: | C82160A988F9866A36977AF9EF537118 |
SHA1: | A3DA50F286C692C7BDAFA99832634662E9ABB0C7 |
SHA-256: | 7061AB003CAC4FB977648AA2D5BB5D465596946753D20B9755A165E7657F7E5C |
SHA-512: | 4891A1360A2EF666D0C67D2BF3C757D0C642713C5712BB83E64711E4314594FF87BB4A11767E5245BEABD392E2F5288D04052DF00F8EDA96B3393C6D22932C6A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.3174154836285463 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7ms9WR1CPmPbPahhRgypilI/RG:lNVms9WfMwbPahhe04 |
MD5: | 3E83A26DBE335AB4748BC392BF10E548 |
SHA1: | 1FE4257A55AE5991937A28558C6AC92C2958DD40 |
SHA-256: | B349153A7FCC7E469785DFDDF8CB9F9EBF5811DBFA58C9BCEC9F62C9688003CC |
SHA-512: | 49DF737CF149734C874EB760DB1B1F3EE348DEB4349FDDD0FFD0D3CAB403ED295AC6E3986FEEC4EE6458B45E15F364A63F046C12A293E226B363D8DB39CFA4F0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.7802393409644173 |
Encrypted: | false |
SSDEEP: | 48:7MjWR1CPmPbPahhRlypilIGnqFl2GL7mse:7WWfMwbPahhHDKVmse |
MD5: | 97160677ABA6F7BAE036FA918208AEE8 |
SHA1: | 0D31E32253DE34EB811344A908EBC971836F1D07 |
SHA-256: | A2AB1B9139889251C98E03BD22DB5A658078270B72D62C506E4BAE9C133859EA |
SHA-512: | D34CEF730DA2FB06922D0F8807812B019C4F0A9E6850257599C1C6B2321EB88754C7332D1D9E09827E5E3FA2470374BC3ED83C9B9FDDC4CD1C512B44C9E22CD9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.524398495091119 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rOlQqdNGflH:Qw946cPbiOxDlbYnuRKDlWflH |
MD5: | AFBE13FAAA72D4C3EB18B1DC4A2BDE3A |
SHA1: | 6E6D84305EAE199B999222E8E82DEE0F202155CD |
SHA-256: | A3CCBCCB6280F0CB95257A2B33F6ABE80274F4010F7DE4D4366462B884B17A08 |
SHA-512: | 1F3813DABD3223E0B2BDDB9416CAF74C0CD23EBCF3C9D573119651C6C2C6E0EEEB6EB4D250EBBA2D4EB61425B50E35B4FA7C4E661A2591F4B34C1CC37F61140B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.046396782078796 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOM7RI6lp7RI6PLCSyAAO:IngVMre9T0HQIDmy9g06JX266l166zlX |
MD5: | CB5E385A02659521B99B903CAC97758C |
SHA1: | 1E27D5562FAD16974F93D72B5866E17870EC6014 |
SHA-256: | 11B146C855E4A27A7B8A55881E0B9BA22A98515758C88512BF39B2F117138073 |
SHA-512: | C0045ED87960DBFBBDE6A1D2AC5902FA3EE075DEB5E125338885ED633FB55E7B7476320F92351441CD8547BEF17EF63684CC6BCC7B248F8AAC592EE9325BB360 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-23 10-59-28-259.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.33860678500249 |
Encrypted: | false |
SSDEEP: | 384:IC2heaVGJMUPhP80d0Wc+9eG/CCihFomva7RVRkfKhZmWWyC7rjgNgXo6ge5iaW0:X8B |
MD5: | C3FEDB046D1699616E22C50131AAF109 |
SHA1: | C9EEA5A1A16BD2CD8154E8C308C8A336E990CA8D |
SHA-256: | EA948BAC75D609B74084113392C9F0615D447B7F4AACA78D818205503EACC3FD |
SHA-512: | 845CDB5166B35B39215A051144452BEF9161FFD735B3F8BD232FB9A7588BA016F7939D91B62E27D6728686DFA181EFC3F3CC9954B2EDAB7FC73FCCE850915185 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.365423860050838 |
Encrypted: | false |
SSDEEP: | 384:RlJwJJkk+gfPeAE6gYcK53GOtuU9q6Qb48w8Ozji64xIOHnCiphjYrYBEHtoF3P8:ANV |
MD5: | 695A2DAB1474D321C7D9843C4B6AC1CF |
SHA1: | 6E626E1571BBE00BCFA7AA71CD5153D100F06C43 |
SHA-256: | 61F0004362AB380C2F1B6C65E31D4450D668AB191C9F5DDED22E6A394D11AA45 |
SHA-512: | B3BB82C665C9AAB30C0A3F229E869C1B1BECADEBA54282FD3C18BBD7FDA4943FBE19265284716F7B6DB541DF4FC862C2C46E38EDE4872D5FEB83EC982D3D9371 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.409689429115358 |
Encrypted: | false |
SSDEEP: | 192:TcbeIewcbVcbqI4ucbrcbQIrJcb6cbCIC4cbWcboII6cbx:ceo4+rsCDIR |
MD5: | 248D2C9ACE71120C029BC60A0299F04D |
SHA1: | C72D87787B273E0781A503D4181699319305BDCD |
SHA-256: | 107B81C6B939AB5D21B5F5D874D1700902DFC33F67359986219C867E07DCE94A |
SHA-512: | D1E5C1860FE7E7D146DB9A81D89EB7B2AAFD31CA9515F2FA12A69EE4B37EBE6D34E9D77AD1951993B0B0BE4D47361200BF545654AD457A30A874A08576400E91 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/rwYIGNP4mOWL07oBGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:TwZG6bWLxBGZN3mlind9i4ufFXpAXkru |
MD5: | 95F182500FC92778102336D2D5AADCC8 |
SHA1: | BEC510B6B3D595833AF46B04C5843B95D2A0A6C9 |
SHA-256: | 9F9C041D7EE1DA404E53022D475B9E6D5924A17C08D5FDEC58C0A1DCDCC4D4C9 |
SHA-512: | D7C022459486D124CC6CDACEAD8D46E16EDC472F4780A27C29D98B35AD01A9BA95F62155433264CC12C32BFF384C7ECAFCE0AC45853326CBC622AE65EE0D90BA |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.801374329343838 |
TrID: |
File name: | INV_52974613.pdf |
File size: | 30'896 bytes |
MD5: | bff7c19ba5e43f90784799397914dda6 |
SHA1: | 9dfbda38773ad5d9198798dba03d405e8151c9ac |
SHA256: | 60d722bdd0b4adc1d475def33c5656f619523091887ef7e687f9780e4c1e7446 |
SHA512: | 9f494ca7a198d331d30c4949be6d3b29a3815133ce335db9d534c403138eb9573251229e01066413a6149436dbac84cfdf74510a31e9753bd8324e45867ec754 |
SSDEEP: | 768:7IxzyJiJqcFl6cxSbt9PbTaJM2+0C6F+I/6zLqQzN9:EscFrUvPOSIFs/qkN9 |
TLSH: | ADD2CF2A66C40C2EEDE7C73655AC78CF492D722BC9EC55C3B0364AA51D821D8F83356E |
File Content Preview: | %PDF-1.4.1 0 obj.<<./Title (...I.n.v.o.i.c.e)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20241022173932+02'00').>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMas |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.801374 |
Total Bytes: | 30896 |
Stream Entropy: | 7.921323 |
Stream Bytes: | 26696 |
Entropy outside Streams: | 5.133080 |
Bytes outside Streams: | 4200 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 30 |
endobj | 30 |
stream | 7 |
endstream | 7 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
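The General and keyword tables above are what a pdfid-style static triage produces: keyword counts with every active-content key at zero, plus entropy split between stream data and the rest of the file. The following Python is an added example, not part of the Joe Sandbox report and not Joe Sandbox's own code. It reproduces that triage on a constructed sample PDF: keywords are counted with token boundaries (so /Page does not count /Pages and obj does not count endobj), #xx name escapes are decoded first so an obfuscated /#4A#61vaScript is still counted as /JavaScript, entropy is reported for the whole file, inside streams and outside streams, and %%EOF markers and trailing bytes are counted. The sample bytes, the ACTIVE_CONTENT list and the field names returned by triage() are choices made for this example, not the report's.

```python
import math
import re
from collections import Counter

# Keywords tracked by the report's PDF structure table (pdfid-style counts).
BARE_WORDS = ["obj", "endobj", "stream", "endstream", "xref", "trailer", "startxref"]
NAMES = ["/Page", "/Encrypt", "/ObjStm", "/URI", "/JS", "/JavaScript", "/AA",
         "/OpenAction", "/AcroForm", "/JBIG2Decode", "/RichMedia", "/Launch",
         "/EmbeddedFile"]
# Keys that give a document something to do when opened. Any non-zero count
# here is what separates "clean by structure" from "needs a closer look".
ACTIVE_CONTENT = ["/JS", "/JavaScript", "/AA", "/OpenAction", "/Launch",
                  "/RichMedia", "/EmbeddedFile", "/JBIG2Decode"]

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A PDF name ends at whitespace or a delimiter, so /Page must not count /Pages.
_NAME_END = rb"(?=[\s()<>\[\]{}/%]|$)"
_STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes so an obfuscated /J#53 is counted as /JS.
    Applied to the whole buffer rather than only inside name tokens: for
    triage a spurious decode inside a string is harmless, a missed
    /JavaScript is not."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def count_keywords(data: bytes) -> dict:
    """Count pdfid-style keywords with token boundaries on both sides."""
    data = normalize_names(data)
    counts = {}
    for word in BARE_WORDS:
        # "obj" must not count "endobj", "xref" must not count "startxref".
        pat = rb"(?<![A-Za-z])" + re.escape(word.encode()) + rb"(?![A-Za-z])"
        counts[word] = len(re.findall(pat, data))
    for name in NAMES:
        counts[name] = len(re.findall(re.escape(name.encode()) + _NAME_END, data))
    return counts


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def split_streams(data: bytes):
    """Return (bytes inside stream..endstream pairs, bytes outside them)."""
    inside = b"".join(m.group(1) for m in _STREAM.finditer(data))
    return inside, _STREAM.sub(b"", data)


def eof_stats(data: bytes):
    """Number of %%EOF markers and payload bytes trailing the last one.
    Bytes after the final %%EOF are a classic place to park a payload."""
    count = data.count(b"%%EOF")
    last = data.rfind(b"%%EOF")
    after = data[last + len(b"%%EOF"):] if last >= 0 else data
    return count, len(after.strip(b"\r\n\t "))


def triage(data: bytes) -> dict:
    """Static triage in the shape of the report's General and keyword tables."""
    keywords = count_keywords(data)
    inside, outside = split_streams(data)
    eof_count, after_eof = eof_stats(data)
    return {
        "header": data[:8].decode("latin-1"),
        "keywords": keywords,
        "total_entropy": shannon_entropy(data),
        "stream_bytes": len(inside),
        "stream_entropy": shannon_entropy(inside),
        "bytes_outside_streams": len(outside),
        "entropy_outside_streams": shannon_entropy(outside),
        "eof_count": eof_count,
        "bytes_after_eof": after_eof,
        "suspicious": [k for k in ACTIVE_CONTENT if keywords[k] > 0],
    }


# Constructed sample, not a real file: a one-page PDF whose catalog opens a
# JavaScript action, with /JavaScript hex-escaped as /#4A#61vaScript.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>\nendobj\n"
    b"4 0 obj\n<< /S /#4A#61vaScript /JS (app.alert(1)) >>\nendobj\n"
    b"5 0 obj\n<< /Length 11 >>\nstream\nBT ET Hello\nendstream\nendobj\n"
    b"xref\n0 6\ntrailer\n<< /Size 6 /Root 1 0 R >>\nstartxref\n0\n%%EOF\n"
)

if __name__ == "__main__":
    result = triage(SAMPLE_PDF)
    for key, value in result["keywords"].items():
        print(f"{key:<14}{value}")
    print("suspicious:", result["suspicious"])
```

Run against INV_52974613.pdf this would give the zero row for every active-content key that the table above shows. Keep the limit of the method in mind: zero counts say the file declares no scripts, actions or embedded files, not that it is safe to open. A malformed font, image or JBIG2 stream that exploits the parser leaves none of these markers, which is why the report pairs this static table with the dynamic run and maps the result to "Exploitation for Client Execution" in the ATT&CK matrix.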
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
8 | 6aa2b2694d4d69b2 | faacd229a3077f54cd4ec67305fcae7d | |
10 | 0000000000000000 | a21773f3f9116319e566ce2a01e2c929 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 23, 2024 16:59:39.787404060 CEST | 57347 | 53 | 192.168.2.8 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 23, 2024 16:59:39.787404060 CEST | 192.168.2.8 | 1.1.1.1 | 0xd53a | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 23, 2024 16:59:39.795830011 CEST | 1.1.1.1 | 192.168.2.8 | 0xd53a | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
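The UDP and DNS records above (one query from 192.168.2.8 to 1.1.1.1:53 and its reply) are the data a check like "UDP traffic detected without corresponding DNS query" is evaluated over. The following Python is an added example, not from the report and not Joe Sandbox's own logic. It shows the correlation such a check needs: every UDP destination is attributed to a DNS answer seen earlier in the capture, with two deliberate exemptions, the query to the configured resolver (which is itself UDP, and is all this report's UDP table contains) and multicast or link-local discovery traffic; whatever remains unexplained is the hit. The first flow mirrors the report's row; the resolved address, the other flows and the port 4444 destination used to produce a hit are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address


@dataclass(frozen=True)
class DnsAnswer:
    ts: datetime
    name: str
    addresses: tuple  # A/AAAA records returned for the name


@dataclass(frozen=True)
class UdpFlow:
    ts: datetime
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def _t(stamp: str) -> datetime:
    return datetime.fromisoformat(stamp)


def explain_udp_flows(flows, answers, resolvers):
    """Attribute each UDP flow to something observed earlier in the capture.

    Returns (explained, unexplained): explained is a list of (flow, reason),
    unexplained holds flows to a unicast destination that no DNS answer seen
    before the flow resolved to. That is the condition behind a
    "UDP traffic without corresponding DNS query" style alert."""
    explained, unexplained = [], []
    for flow in sorted(flows, key=lambda f: f.ts):
        dst = ip_address(flow.dst_ip)
        # The query to the resolver is itself UDP and no DNS answer ever
        # names the resolver, so it has to be exempted explicitly.
        if flow.dst_port == 53 and flow.dst_ip in resolvers:
            explained.append((flow, "query to configured resolver"))
            continue
        if dst.is_multicast or dst.is_link_local:
            explained.append((flow, "local discovery traffic (mDNS/SSDP/LLMNR)"))
            continue
        names = sorted({a.name for a in answers
                        if flow.dst_ip in a.addresses and a.ts <= flow.ts})
        if names:
            explained.append((flow, "resolved from " + ", ".join(names)))
        else:
            unexplained.append(flow)
    return explained, unexplained


RESOLVERS = {"1.1.1.1"}

# Constructed records in the shape of the report's UDP and DNS tables. The
# first flow mirrors the one in the report; the answer address and the
# remaining flows are invented, using the 203.0.113.0/24 documentation range.
ANSWERS = [
    DnsAnswer(_t("2024-10-23T16:59:39.795830+02:00"), "x1.i.lencr.org",
              ("203.0.113.10",)),
]
FLOWS = [
    UdpFlow(_t("2024-10-23T16:59:39.787404+02:00"), "192.168.2.8", 57347, "1.1.1.1", 53),
    UdpFlow(_t("2024-10-23T16:59:40.100000+02:00"), "192.168.2.8", 51000, "203.0.113.10", 443),
    UdpFlow(_t("2024-10-23T16:59:41.000000+02:00"), "192.168.2.8", 5353, "224.0.0.251", 5353),
    UdpFlow(_t("2024-10-23T16:59:45.000000+02:00"), "192.168.2.8", 60123, "203.0.113.99", 4444),
]

if __name__ == "__main__":
    explained, unexplained = explain_udp_flows(FLOWS, ANSWERS, RESOLVERS)
    for flow, reason in explained:
        print(f"ok   {flow.dst_ip}:{flow.dst_port:<5} {reason}")
    for flow in unexplained:
        print(f"FLAG {flow.dst_ip}:{flow.dst_port:<5} no DNS answer before this flow")
```

The ordering check (answer timestamp at or before the flow) matters: an answer that arrives after the flow does not explain it. The correlation also goes blind when name resolution happens over DNS over HTTPS, which is why the DNS table above carries a "DNS over HTTPS" column and chrome.cloudflare-dns.com sits in the whitelist: answers carried inside TLS never appear as DNS records, so every subsequent flow looks unresolved unless the DoH endpoint is treated as a resolver as well.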
Target ID: | 1 |
Start time: | 10:59:23 |
Start date: | 23/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6e8200000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 10:59:25 |
Start date: | 23/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79c940000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 10:59:25 |
Start date: | 23/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79c940000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |