Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 5, 2023, 9:40 a.m.	July 5, 2023, 9:42 a.m.

Size	11.1MB
Type	PDF document, version 1.4
MD5	`256acb98c1c970818640ec89f1060458`
SHA256	`39b92093b8c443c10ecb0066d44f539ea0af7c4727858db19eff58bae04e1fdb`
CRC32	`242CF5DF`
ssdeep	`196608:YdakjcQsUXbcCRGD83hsj/v6DweIQ0XJLeJVeI+d4EUtyNN+i8n9spp4:ejXs2bcCUys7UMXJLpHd4EsyNN+Nn9sw`
Yara	PDF_Format_Z - PDF Format

AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" C:\Users\test22\AppData\Local\Temp\Flightpath.lnk.pdf
2076

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip

cmdline

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

parent_process

acrord32.exe

martian_process

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

Flightpath.lnk