Summary | ZeroBOX

kim.url

Category FILE
Machine s1_win7_x6403_us
Started Dec. 1, 2024, 12:37 p.m.
Completed Dec. 1, 2024, 12:40 p.m.
Size 181.0B
Type MS Windows 95 Internet shortcut text (URL=<file://varied-flux-emails-grounds.trycloudflare.com@SSL/DavWWWRoot/JUNE--PDF12.lnk>), ASCII text, with CRLF line terminators
MD5 f2950c78d47e36fd25aeb7178ec87968
SHA256 a59b317d1e7678430149a303b09f1d2bfe3cfe450cf9d325fd90ec288beee53a
CRC32 9A6C8262
ssdeep 3:HRAbABGQYm/+BBIVQslJPc1Mf18PKgDeNIkXpPMBHKs7V25YdimVVG/VClAWHyn:HRYFVm/gIVQWJJ2ygKjMQs7A54vVG/4c
Yara
  • url_file_format - Microsoft Windows Internet Shortcut File Format

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

request GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/279_20_6_20042.zip
request GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
request GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip
request GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip
request GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip
CTX internetshortcut.downloader.generic
VIPRE Gen:Variant.UrlDownloader.13
BitDefender Gen:Variant.UrlDownloader.13
NANO-Antivirus Trojan.Inf.Downloader.ezohxo
MicroWorld-eScan Gen:Variant.UrlDownloader.13
FireEye Gen:Variant.UrlDownloader.13
Kingsoft Script.Troj.SuspLnk.22147
cmdline "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
parent_process acrord32.exe
martian_process "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043