Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Nov. 10, 2021, 6:27 p.m.	Nov. 10, 2021, 6:29 p.m.

Size	42.8KB
Type	PDF document, version 1.4
MD5	`e822e0070c7f84af44407fd2fdfee044`
SHA256	`f682d94621d234a1953c539aa94780f65a9374148f2c404e3e418553a0c129e4`
CRC32	`8A05BB8F`
ssdeep	`768:RBcUUV/ERIjC5kWYL021cnDkssivyFHFyvBwQAl/jD2hXMmvMDfqfXgiOlTn1Hlm:Hcv/E0C5KSP9wQABUMDCW1xs`
Yara	PDF_Format_Z - PDF Format

AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" C:\Users\test22\AppData\Local\Temp\ServicedetailforDARevision.pdf
2156

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Nov. 10, 2021, 6:27 p.m.	process_identifier: 2156 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x71333000 process_handle: 0xffffffff	1	0	0

cmdline

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --locale=ko-kr --backgroundcolor=16514043

parent_process

acrord32.exe

martian_process

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --locale=ko-kr --backgroundcolor=16514043

ServicedetailforDARevision.pdf