Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Aug. 23, 2021, 11:52 a.m.	Aug. 23, 2021, 11:56 a.m.

Size	74.9KB
Type	PDF document, version 1.4
MD5	`72950325644838b18c5d4e86d4dbda1d`
SHA256	`b2a6385c3f4b161aeaa731ea60d419bf75a0ff098dd397ecd6f0c2c1431a691c`
CRC32	`31FA623C`
ssdeep	`1536:JgjkMa5f6b1nelXHa2n15LhJhcrgdYBY+VaIV6pDYgUbKZau4Vy:cvb1elXHxBorAYBY+UI4pDYgUG0un`
Yara	PDF_Suspicious_Link_Z - PDF Suspicious Link PDF_Format_Z - PDF Format

AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" C:\Users\test22\AppData\Local\Temp\vunateduremar.pdf
2460

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Aug. 23, 2021, 11:52 a.m.	process_identifier: 2460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72463000 process_handle: 0xffffffff	1	0	0

cmdline

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --locale=ko-kr --backgroundcolor=16514043

parent_process

acrord32.exe

martian_process

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --locale=ko-kr --backgroundcolor=16514043

vunateduremar.pdf