Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Jan. 15, 2025, 3:03 p.m.	Jan. 15, 2025, 3:05 p.m.

Size	114.8KB
Type	PDF document, version 1.4
MD5	`415c0d031a1ec67e74c81501c2d4556e`
SHA256	`6d08cbea60b02a71fa1194440e26bcc50500180e2c635ba568cf96173c2a5f6c`
CRC32	`845C2E98`
ssdeep	`3072:Find12i2cgbQT/5RUdO6KHUG8uPPTPnM+/HHM:Fid12igkT/56mHZ86vM+vHM`
Yara	PDF_Format_Z - PDF Format PDF_Suspicious_Link_Z - PDF Suspicious Link

AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" C:\Users\test22\AppData\Local\Temp\2025년도위탁연구과제공고문.pdf
3056

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Jan. 15, 2025, 3:03 p.m.	process_identifier: 3056 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x70f73000 process_handle: 0xffffffff	1	0	0

cmdline

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --locale=ko-kr --backgroundcolor=16514043

parent_process

acrord32.exe

martian_process

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --locale=ko-kr --backgroundcolor=16514043

2025년도위탁연구과제공고문.pdf