Windows Analysis Report
Request for corporate Gifts.pdf

Overview

General Information

Sample name:	Request for corporate Gifts.pdf
Analysis ID:	1541325
MD5:	f1609805b3682c3a139a3425e3ac561b
SHA1:	2a4f73342591567e62e7d4523e83e3210b5ebf68
SHA256:	7431804982501ebd1d190f322c85cf022db6bcd47fd94ee807171763164f08b5
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Signatures

There are no high impact signatures.

Source: ReaderMessages.0.dr

String found in binary or memory: http://www.adobe.

Source: classification engine

Classification label: clean0.winPDF@2/6@0/0

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A91p164vk_1d9xjg7_58c.tmp

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\Request for corporate Gifts.pdf"
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: unknown unknown			Jump to behavior

Source: Request for corporate Gifts.pdf	Initial sample: PDF keyword /JS count = 0
Source: Request for corporate Gifts.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Request for corporate Gifts.pdf

Initial sample: PDF keyword stream count = 47

Source: Request for corporate Gifts.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Request for corporate Gifts.pdf

Initial sample: PDF keyword obj count = 50

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Process information queried: ProcessInformation

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

ID:	1541325
Product:	CloudBasic
Start time:	17:33:22
Start date:	24.10.2024
Sample:	Request for corporate Gifts.pdf
Cookbook:	defaultwindowspdfcookbook.jbs
System description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Architecture:	WINDOWS
MD5:	f1609805b3682c3a139a3425e3ac561b
SHA1:	2a4f73342591567e62e7d4523e83e3210b5ebf68
SHA256:	7431804982501ebd1d190f322c85cf022db6bcd47fd94ee807171763164f08b5
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241024153534Z-164.bmp	PC bitmap, Windows 3.x format, 146 x -190 x 32, cbSize 111014, bits offset 54	B9688661BF8AD142AB9A7BCEC39DCA7B	3A505E2A133B27A047B0570CC85F34F04873D9CD	695C09807C27006DA97DD53B19CD48808C2035BE80CCA909F96544FB4B447639
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages	SQLite 3.x database, last written using SQLite version 3035004, file counter 33, database pages 17, cookie 0x5, schema 4, UTF-8, version-valid-for 33	5310A96DFA22AFA7BB8F54A2B0E9B8C8	9AC230DC6E722DF8D5E0844291DE5B918E8A8798	4B1EA64D3D752F3216E796560BDD47D7CDCCD090F8F8A8B6F95F43280DE0DA30
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal	SQLite Rollback Journal	42A0EE73EC17C08B99A4E5CCCD9BDB41	2B3BBC66C31B1C9EB1AFD402DCCA7BC45ADEC6CD	05EA647903F34C839856E1BA8A31593F63B84CA4270A39C003E26F43BF196392
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING	data	DC84B0D741E5BEAE8070013ADDCC8C28	802F4A6A20CBF157AAF6C4E07E4301578D5936A2	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json	JSON data	59F84FA0D43B74D809AE1C3F3D667847	3F636009EF1CA5A1A0A2CA893901348BE4AF56ED	93FEE19EECD387BAA64D6DED33E04DA7FA90512050675F5C12A4C241B1FB67FF
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin	data	3A34DE985FFF9FD75C994DC83DC3550D	FBE00658F00794C56758EA41A38043068B7524CF	8419630FEB9FFCB9EB0FD36CA855C964BE1AEA01C34EC24E1DE36F8AF6006DB0

Windows Analysis Report
Request for corporate Gifts.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Windows Analysis Report Request for corporate Gifts.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
Request for corporate Gifts.pdf