Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

Account.pdf

PDF ZIP Format

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 18, 2023, 6:21 p.m.	July 18, 2023, 6:35 p.m.

Size	2.1MB
Type	PDF document, version 1.7
MD5	`bfd3ae8bb20e06f32f5b46100dc498c2`
SHA256	`448bf205f66888cd2661b3b7531632a4d0f1e91ccc6568de07f0fdb41f4d96f8`
CRC32	`29E3E31A`
ssdeep	`49152:ooDXVcTzw1leiR2M8hB5sUPpoD0xpwA+UgUxR:ooDXT1leVMAzPpoDA+UZ`
Yara	PDF_Format_Z - PDF Format

AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" C:\Users\test22\AppData\Local\Temp\Account.pdf
1648

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch
45.33.6.223	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Performs some HTTP requests (5 events)

request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip

Uses Windows utilities for basic Windows functionality (1 event)

cmdline

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

Communicates with host for which no DNS query was performed (1 event)

host

45.33.6.223

One or more non-whitelisted processes were created (1 event)

parent_process

acrord32.exe

martian_process

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043