Edit tour

Windows Analysis Report
Request for corporate Gifts.pdf

Overview

General Information

Sample name:	Request for corporate Gifts.pdf
Analysis ID:	1541325
MD5:	f1609805b3682c3a139a3425e3ac561b
SHA1:	2a4f73342591567e62e7d4523e83e3210b5ebf68
SHA256:	7431804982501ebd1d190f322c85cf022db6bcd47fd94ee807171763164f08b5
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64native

AcroRd32.exe (PID: 5540 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\Request for corporate Gifts.pdf" MD5: 6791EAE6124B58F201B32F1F6C3EC1B0)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: ReaderMessages.0.dr

String found in binary or memory: http://www.adobe.

Source: classification engine

Classification label: clean0.winPDF@2/6@0/0

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A91p164vk_1d9xjg7_58c.tmp

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\Request for corporate Gifts.pdf"
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: unknown unknown			Jump to behavior

Source: Request for corporate Gifts.pdf	Initial sample: PDF keyword /JS count = 0
Source: Request for corporate Gifts.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Request for corporate Gifts.pdf

Initial sample: PDF keyword stream count = 47

Source: Request for corporate Gifts.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Request for corporate Gifts.pdf

Initial sample: PDF keyword obj count = 50

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Process information queried: ProcessInformation

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.adobe.	ReaderMessages.0.dr	false		unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541325
Start date and time:	2024-10-24 17:33:22 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 21s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Number of analysed new started processes analysed:	3
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Request for corporate Gifts.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@2/6@0/0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 23.55.235.163, 23.55.235.178, 23.55.235.184, 23.55.235.170, 23.55.235.171, 23.55.235.176, 23.55.235.179, 23.55.235.169, 23.55.235.177, 23.54.127.40, 23.54.127.37, 23.55.235.233, 23.55.235.248, 23.54.161.99, 23.54.161.82, 23.55.235.242, 23.55.235.243, 23.55.235.168, 23.54.161.90
Excluded domains from analysis (whitelisted): acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, acroipm2.adobe.com, dns.msftncsi.com
VT rate limit hit for: Request for corporate Gifts.pdf

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: PDF document Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Please complete the following and return by email, mail, fax or in person to: serviceOakville@oakville.ca, Town of Oakville, 1225 Trafalgar Road, Oakville, ON L6J 5A6", "prominent_button_name": "unknown", "text_input_field_labels": [ "Date of request", "Name of organization", "Type of organization", "Participants of event", "The corporate gifts will be used for", "Item(s) being requested:", "How did you hear about our corporate gift program?", "Contact name", "Telephone #", "Address" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: PDF document Model: claude-3-haiku-20240307	```json { "brands": [ "Oakville" ] }
	```json { "brands": [ "Oakville" ] }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241024153534Z-164.bmp

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PC bitmap, Windows 3.x format, 146 x -190 x 32, cbSize 111014, bits offset 54
Category:	dropped
Size (bytes):	111014
Entropy (8bit):	2.087211027281178
Encrypted:	false
SSDEEP:	1536:VNfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffW:VN6Dh
MD5:	B9688661BF8AD142AB9A7BCEC39DCA7B
SHA1:	3A505E2A133B27A047B0570CC85F34F04873D9CD
SHA-256:	695C09807C27006DA97DD53B19CD48808C2035BE80CCA909F96544FB4B447639
SHA-512:	17D48C6D8BF66C49726DF50DB532C454CA01C7BFE6CE248CF4B206DD784B9CFAF696D6BE38F659B4E20ECEC4228F1178720B79412F9C60DF5F1CC13D6C7A3588
Malicious:	false
Reputation:	low
Preview:	BM........6...(.......B..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035004, file counter 33, database pages 17, cookie 0x5, schema 4, UTF-8, version-valid-for 33
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	4.361275209567427
Encrypted:	false
SSDEEP:	384:eeETh6tEL38/GGN5ptmGQen3xx2ZszKhivC5vxwRv0ZsLRGV:7clGpBgZs/l0ZsLU
MD5:	5310A96DFA22AFA7BB8F54A2B0E9B8C8
SHA1:	9AC230DC6E722DF8D5E0844291DE5B918E8A8798
SHA-256:	4B1EA64D3D752F3216E796560BDD47D7CDCCD090F8F8A8B6F95F43280DE0DA30
SHA-512:	330FFD6D1D27FF24B66CF1C1466917A05308CEBA4E3A10CEB84415A985626CDCCA4970810C7E09EC35A9D5912DED89868164AE2339828505C406256F5DB89ECF
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ...!...................................................................!..O\|......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.4861651418915374
Encrypted:	false
SSDEEP:	48:7MxOiol1xCol1sol1Q2iolVXiolsol1Nol1Aiol1fOiol1fEMol1C8ol1D5iolaB:7rXpXFQPBun9IVXEBodRBk7
MD5:	42A0EE73EC17C08B99A4E5CCCD9BDB41
SHA1:	2B3BBC66C31B1C9EB1AFD402DCCA7BC45ADEC6CD
SHA-256:	05EA647903F34C839856E1BA8A31593F63B84CA4270A39C003E26F43BF196392
SHA-512:	C5ACC1F7918EA4EAD6F5D28E8B26205EF793EDA06633F1EACEF8C8ADFE644D667A2A6ABAE6319B7E36DBF3AAF649C70C2609C97AF345B5D2B8B424F447338C50
Malicious:	false
Reputation:	low
Preview:	.... .c.....`~........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................y...g..m...../.g.......~...r......................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	high, very likely benign file
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	945
Entropy (8bit):	5.065419592949336
Encrypted:	false
SSDEEP:	12:YFqxBoC22502+Otv22E3CyMCV+t8oxwZKg2Ak36SK/0igly8jkE5ksoJSnONs:YFuF2NO2LSZCgq+/URAjzROG
MD5:	59F84FA0D43B74D809AE1C3F3D667847
SHA1:	3F636009EF1CA5A1A0A2CA893901348BE4AF56ED
SHA-256:	93FEE19EECD387BAA64D6DED33E04DA7FA90512050675F5C12A4C241B1FB67FF
SHA-512:	7632D7E3643EA7279DAD2166C585CAD4ED93F774EE71ADF6B783E8B915BFE8F6BD6E924D815F46E2AF77381D9CD9B5D15DA97A537817D10F252C6ADCFC987A17
Malicious:	false
Reputation:	low
Preview:	{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1729784132000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"0353a8d4cbb1fc6eab3151e24b9d1c03","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1725958090000},{"id":"Edit_InApp_Aug2020","info":{"dg":"6c845701913dc07a142631007125304a","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1725958090000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"9a041f338931f9aaad7d5f13d6917eef","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1725958090000},{"id":"DC_Reader_Upsell_Cards","info":{"dg":"e4e8b9846fec296de87fec860fc692f8","sid":"DC_Reader_Upsell_Cards"},"mimeType":"file","size":286,"ts":1725958090000},{"id":"DC_Reader_RHP_Retention","info":{"dg":"ac64b04ece130274a3be222dc51bdd30","sid":"DC_Reader_RHP_Retention"},"mimeType":"file","size":287,"ts":1725958090000}],"g_info":{"Version":"0.0.0.1"}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	40393
Entropy (8bit):	5.518083145564749
Encrypted:	false
SSDEEP:	384:K7X4oyVFMqHBC6Q2DvrDYvm8eZnstUA+UdJYNg7y:KT4oyVFMwBDQorDYvm8O9A5jYyu
MD5:	3A34DE985FFF9FD75C994DC83DC3550D
SHA1:	FBE00658F00794C56758EA41A38043068B7524CF
SHA-256:	8419630FEB9FFCB9EB0FD36CA855C964BE1AEA01C34EC24E1DE36F8AF6006DB0
SHA-512:	33C7A856AF0D7470EEA54C8DDE1A78DCCEB1BE69EAAEE8D1C69A16237C1BDE92AEE3EED2D76A13A3B0FD8A5DECF9B0ED622393994608BF6497564AF7999A2767
Malicious:	false
Reputation:	low
Preview:	4.241.93.FID.2:o:........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.107.FID.2:o:........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.103.FID.2:o:........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.116.FID.2:o:........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.75.FID.2:o:........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.89.FID.2:o:........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.85.FID.2:o:........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.98.FID.2:o:........:F:Arial-BoldItalicMT.P:Arial Bold Italic.L:$.........................."F:Arial.#.91.FID.2:o:........:F:Arial-Black.P:Arial Black.L:-.........................."F:Arial Black.#.103.FID.2:o:........:F:Bahnschrift.P:Bahnschrift Light.L:&...............,.........."F:Bahnschrift Light.#.

Static File Info

General

File type:	PDF document, version 1.7 (zip deflate encoded)
Entropy (8bit):	7.971789418677254
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Request for corporate Gifts.pdf
File size:	254'829 bytes
MD5:	f1609805b3682c3a139a3425e3ac561b
SHA1:	2a4f73342591567e62e7d4523e83e3210b5ebf68
SHA256:	7431804982501ebd1d190f322c85cf022db6bcd47fd94ee807171763164f08b5
SHA512:	2a104207426b6f81e7da985305f861433c92ea72827796cd05b88160eb1f047fb27ab1cc977d9d0d3eb736497b35eb221072732af96c93c2a4c9964392abdfe7
SSDEEP:	6144:hURyq8s0z9yP1VkYd3VP/xlVcYHjzOA4/sz:3sN1aIdTVcYHjzOtk
TLSH:	C74402666762F622803B863D12511E3AD0ED3383396D2659794E8F7FE721C33D093A93
File Content Preview:	%PDF-1.7.%......7 0 obj.<</Linearized 1/L 254829/O 9/E 251000/N 1/T 254538/H [ 621 215]>>.endobj. ..51 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<4ED95DFF50A871E191F3E6425F96FC36><758DB5A24247E5488017FD2956202B6

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.971789
Total Bytes:	254829
Stream Entropy:	7.980582
Stream Bytes:	245602
Entropy outside Streams:	5.322037
Bytes outside Streams:	9227
Number of EOF found:	2
Bytes after EOF:

Keywords Statistics

Name	Count
obj	50
endobj	50
stream	47
endstream	47
xref	0
trailer	0
startxref	2
/Page	1
/Encrypt	0
/ObjStm	3
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5
48	0101010101010101	8a202b5c9a57a136c09563412f57488f
49	0000000000000000	a4faf2bb222bf3529b419083b36e1671
50	c0606890c8987060	67c1c71b6f879ae39b7a5f798063ff12

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

System Behavior

Analysis Process: AcroRd32.exePID: 5540, Parent PID: 5008

General

Target ID:	0
Start time:	11:35:29
Start date:	24/10/2024
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\Request for corporate Gifts.pdf"
Imagebase:	0x6e0000
File size:	3'014'368 bytes
MD5 hash:	6791EAE6124B58F201B32F1F6C3EC1B0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Request for corporate Gifts.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241024153534Z-164.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin

Static File Info

General

File Icon

Static PDF Info

General

Keywords Statistics

Image Streams

Network Behavior

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Analysis Process: AcroRd32.exePID: 5540, Parent PID: 5008

General

Chronological Activities

Disassembly

Windows Analysis Report
Request for corporate Gifts.pdf