Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Oct. 6, 2024, 12:10 a.m.	Oct. 6, 2024, 12:12 a.m.

Size	21.3KB
Type	PDF document, version 1.3
MD5	`bab72e0cfa6ee351c92b6d0d7f8dc3f4`
SHA256	`98f09bbbf0e6880ae8fb43be14df3e040abca850f71238e3ca591b657ce0acaa`
CRC32	`7DC06BB0`
ssdeep	`384:AsSVdMW8vYwlkzmMuySEvA3vaWHsrv9EmgcRHgKevQTjZPg6h:uH84zjuyS6A3vDM5JgXKBO+`
Yara	PDF_Format_Z - PDF Format

AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\test22\AppData\Local\Temp\Screenshot 2024-09-24 at 10.39.54 PM.pdf"
3056

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 6, 2024, 12:10 a.m.	process_identifier: 3056 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x70f73000 process_handle: 0xffffffff	1	0	0

cmdline

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --locale=ko-kr --backgroundcolor=16514043

parent_process

acrord32.exe

martian_process

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --locale=ko-kr --backgroundcolor=16514043

Screenshot 2024-09-24 at 10.39.54 PM.pdf