Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	March 7, 2023, 5:02 p.m.	March 7, 2023, 5:04 p.m.

Size	18.6KB
Type	PDF document, version 1.7
MD5	`adfc880ef5985ca36a7c9b7477a5b899`
SHA256	`5fc6b6f0db69bedb308e0ec1ca7ac9b39a47e00841337fff82b83004f74c5a15`
CRC32	`6108BDAE`
ssdeep	`384:Wum5tJBw6p86yYR1SmOobk7S89UZcJff25xwS/j6hr2cr0+cCsDcYDIlYDIvJoYS:J0I6p86XSCk7y8fWrrur2cr01df`
Yara	PDF_Suspicious_Link_Z - PDF Suspicious Link PDF_Format_Z - PDF Format

AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" C:\Users\test22\AppData\Local\Temp\Invoice-1449260.pdf
3008

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory March 7, 2023, 5:02 p.m.	process_identifier: 3008 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x70c03000 process_handle: 0xffffffff	1	0	0

cmdline

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --locale=ko-kr --backgroundcolor=16514043

parent_process

acrord32.exe

martian_process

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --locale=ko-kr --backgroundcolor=16514043

Invoice-1449260.pdf