Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.15 06:11
APT Activity Report: A...
11.15 06:11
Criminals recruiting a...
11.15 06:11
ViperSoftX: Tracking A...
11.15 06:11
Threat Intelligence Sn...
11.15 06:11
빌리빌리 ‘주술회전 팬텀 퍼레이드’, 글...
11.15 06:11
생면 국수 전문 프랜차이즈 국수나무, 제...
11.15 06:11
Macquarie Is Said to W...
11.15 06:11
Why AI-Driven Producti...
11.15 06:11
Threat Trend Report on...
11.15 06:11
Report on DDoSia Malwa...

Summary | ZeroBOX

lgarsx.pdf

PDF ZIP Format

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Aug. 4, 2023, 8:57 a.m.	Aug. 4, 2023, 9:23 a.m.

Size	737.9KB
Type	PDF document, version 1.4
MD5	`466d18edebd09e5e05d36a6d15d27375`
SHA256	`bb0795a8bdc34373f9694270e2d417f9cccb676b12cec1b9514732db378d029b`
CRC32	`4C77961A`
ssdeep	`12288:ibyVNXG79oi/Gs+z2H9kK6XptE2Eof/fbIXTZB4bKy8AizR6zdIMXptE2DbIXFG6:ibUNW79oi/Gs+zxXRzuTi/izQzdIMXRM`
Yara	PDF_Format_Z - PDF Format

AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" C:\Users\test22\AppData\Local\Temp\lgarsx.pdf
884

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch
23.74.15.25	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Performs some HTTP requests (5 events)

request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip

Uses Windows utilities for basic Windows functionality (1 event)

cmdline

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

Communicates with host for which no DNS query was performed (1 event)

host

23.74.15.25

One or more non-whitelisted processes were created (1 event)

parent_process

acrord32.exe

martian_process

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043