Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	July 5, 2023, 7:33 a.m.	July 5, 2023, 7:35 a.m.

Size	123.4KB
Type	data
MD5	`364810b2f1137e03bb976a512902e954`
SHA256	`c835b37d4fa1a99cce081055ad4f2b29f0a475ffbab55807ff9577c97a98f3bd`
CRC32	`3F61ABBA`
ssdeep	`3072:PSEw5hKQTHZ5IXhVGyzwNVxaJjEfEkQT/WMPXFb0zJZzVtq9RHg5ocUmG:+hp5AlzwNjUjLTJvF0u9RHOoN1`
Yara	None matched

AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\test22\AppData\Local\Temp\FACTURA XML y PDF.29941.pdf"
3004

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 5, 2023, 7:33 a.m.	process_identifier: 3004 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x71083000 process_handle: 0xffffffff	1	0	0

cmdline

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --locale=ko-kr --backgroundcolor=16514043

parent_process

acrord32.exe

martian_process

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --locale=ko-kr --backgroundcolor=16514043

FACTURA XML y PDF.29941.pdf