Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	May 17, 2023, 9:20 a.m.	May 17, 2023, 9:22 a.m.

Size	41.5KB
Type	PDF document, version 1.7
MD5	`9a95e059d574d4c3bdd26627308e22b6`
SHA256	`eece19c89244c283c506645e90ca80d0db5e6d70ef2dbe6710c4272a6490cd6e`
CRC32	`955C8C7F`
ssdeep	`768:HRx/jCCSwnsqDNZ99oBZFdpXd8IH1/5lyRZ3ENKPLT/0ctDhRin+ouJOkIpkx4Qi:HDpZn6vn5HTKTTxVRin31hkViSkn`
Yara	PDF_Format_Z - PDF Format

AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" C:\Users\test22\AppData\Local\Temp\doc.pdf
1044

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip

cmdline

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

parent_process

acrord32.exe

martian_process

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

doc.pdf