Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Sept. 4, 2021, 3:26 p.m.	Sept. 4, 2021, 3:28 p.m.

Size	945.6KB
Type	PDF document, version 1.5
MD5	`887b611a15102af0238a4084c22be025`
SHA256	`97abb19ccb7c4d9da75e6d5cfff758977145b0d42c7aec6462e8bccdf9fb6838`
CRC32	`0211E678`
ssdeep	`12288:Zx0KXPiZ5uTL8ZL0L3PsOfGgOtb1vnQfic6XKdr0n165shujrCiIhUfQNd6WOlBf:AK6wL8ZAL3EOK55+ddrc1ugNFqBiF6R`
Yara	anti_vm_detect - Possibly employs anti-virtualization techniques PDF_Format_Z - PDF Format

AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\test22\AppData\Local\Temp\Security Bugs in Operation.pdf"
2412

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip

cmdline

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

parent_process

acrord32.exe

martian_process

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

Security Bugs in Operation.pdf