Windows
Analysis Report
E-statement_TVT_7855563201716.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Analysis Advice
No malicious behavior found, analyze the document also on other versions of Office / Acrobat |
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis |
- System is w10x64_ra
- Acrobat.exe (PID: 7016 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\E-statement_TVT_7855563201716.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6180 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6376 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2268 --field-trial-handle=1568,i,6974506343822097808,3129201781754671408,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | TCP traffic: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: | ||
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Process information set: | ||
Source: | Process information queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.46.240.131 | unknown | United States | 16625 | AKAMAI-ASUS | false |
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
23.220.188.152 | unknown | United States | 24319 | AKAMAI-TYO-APAkamaiTechnologiesTokyoASNSG | false |
34.193.227.236 | unknown | United States | 14618 | AMAZON-AESUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1426957 |
Start date and time: | 2024-04-16 19:56:16 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | E-statement_TVT_7855563201716.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@17/27@0/43 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 23.220.188.152, 34.193.227.236, 18.207.85.246, 107.22.247.231, 54.144.73.197
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, ssl-delivery.adobe.com.edgekey.net, p13n.adobe.io, geo2.adobe.com
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: E-statement_TVT_7855563201716.pdf
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.264492697252069 |
Encrypted: | false |
SSDEEP: | |
MD5: | F42E2E73F42E8DC59CF6404165F600E8 |
SHA1: | 7C41D32EBD13BA3803F018E9102BFBD4FE1B92F9 |
SHA-256: | 37DC5D43B70A9725F9919E1FE8194D2F3151AA94846507E6510179AAB8FD1425 |
SHA-512: | 621E081187E47851A2642EC47C2CBFC5B7D749487C75171C0117753840049A4E04EB9CB51EF40BCF233753985932D635B152FF9181AF7A42D60018C5B491E81E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 331 |
Entropy (8bit): | 5.230445836469552 |
Encrypted: | false |
SSDEEP: | |
MD5: | B583DE90668D45F93187402F356608DD |
SHA1: | 8BCEC6C5F3D76B80E24D2AEB2BBB909D9DAFAF2F |
SHA-256: | D2FE6BE8EF2402EE005B2BF94D6EC17C2840E8C5DD0675BEB8CB83DEB3B8E97D |
SHA-512: | AEEBA8A721CF8239DDB50B30768078CD68F946B6DB3E7BED6385BA98F7581E36554C1E128AA9D55929D500F13ED14BDF50D99FBD0452B21D07D75A93D038244A |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | F05C6F54BACA71F5E2098A055BC40F11 |
SHA1: | CBD5D20D3765E9C16EED6964ECD0B656159B8A26 |
SHA-256: | 6961A426057B5D196C9E22C07CA67CC919962B1DBFAC28F974515561A028582C |
SHA-512: | 3A69C6230312A36E5C6BFB5156E89A195FBB812C6E810DB7AD44DB9DC3BC6DB7D50794765B6AF2A99401AA8E3B8DCF4C7D9C9DBBB2A3240D42B92D4CFCB1B611 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bdd27cdb-ebb3-4e58-93ef-98895f18e3b0.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.989566426705118 |
Encrypted: | false |
SSDEEP: | |
MD5: | F05C6F54BACA71F5E2098A055BC40F11 |
SHA1: | CBD5D20D3765E9C16EED6964ECD0B656159B8A26 |
SHA-256: | 6961A426057B5D196C9E22C07CA67CC919962B1DBFAC28F974515561A028582C |
SHA-512: | 3A69C6230312A36E5C6BFB5156E89A195FBB812C6E810DB7AD44DB9DC3BC6DB7D50794765B6AF2A99401AA8E3B8DCF4C7D9C9DBBB2A3240D42B92D4CFCB1B611 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.2341032271761625 |
Encrypted: | false |
SSDEEP: | |
MD5: | B7C32E8DF1260033D57F9D607FDBCCCC |
SHA1: | 4B50390ED41C08EA2CB239AD4189D58667521272 |
SHA-256: | 1A68ACA82E61BE7030AA9C8C53861398FDDA6B186E9A6C87FFCB36976CFE24B8 |
SHA-512: | 6A21248FB17D0DB7990A9494C7428ABD2B05F545B4BF1E0DE6CAE23F55FEF210826837EB8971299913639E865B2FBCCCC06E50091EF395E0B0B313317C51A054 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 319 |
Entropy (8bit): | 5.2135479910539955 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1D75C6F87FBB585C904219B4017536AC |
SHA1: | 50A4C7C03E31954D15237DDEEC6DA5FC66A7F4FD |
SHA-256: | EEFE578A49AB2A93F55D2B0FF3F005874DF9BEDEEEDB31A098A918279142602E |
SHA-512: | B00902123C1ACB263C74CF1048436AF55349E121737271A87DD4E892D7509A7C88C0EE9E32661CF0AEDC010126B99EC42585AE2FE555424780C27F7D5CE3248B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240416175650Z-159.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 0.010281203479617362 |
Encrypted: | false |
SSDEEP: | |
MD5: | 00DB8ECE00238719F9D531102091F31C |
SHA1: | 2C93F28D42D242532093FAB1BB7DDE33EEE810D5 |
SHA-256: | 95444CF39A1424F48C5D069EE1F263B613F89D22C379C4A2886F6FBE160BC00F |
SHA-512: | 4DE0801AAB1297B9B6A4BF85631650BAFB042F1C211D2C012D601F8FDB7836FA6AD5B5D04B0FE1F4CF50D987C94B2ED6B5FDB8A3075BAC7D30D9FD8CA1840008 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
SSDEEP: | |
MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.2146269927299913 |
Encrypted: | false |
SSDEEP: | |
MD5: | B0E68ADA6E14E8A73F7BB3695AF47C27 |
SHA1: | 6599D5B3D05691F406811D95C15DC106705CC4C4 |
SHA-256: | 8DB0DDE6DA0A2D9A258AF6FA448722B04EC334CEE9C5E3A0010F94CD6BADE8EE |
SHA-512: | 1588DDC568114B9621D5CCAA1A5CDD107E76873635588766D814AD04C4D1E25C52213C070FA92CCF602399908F29D484ED1B2A60B7F09089A67098FCD55C8993 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.383562775276509 |
Encrypted: | false |
SSDEEP: | |
MD5: | 98E2BA2B550663E9062145FD710FCF91 |
SHA1: | 9B8D2B6FF467AD585A610C84EB5A002631AB5BD8 |
SHA-256: | 06EE201D48E611F528EA7296ED40731D0EA654CF84D051FC2F83D74A749E4DBC |
SHA-512: | 7A616B0AAD35D667CC52498C6745EA5CF3149B917981BA514F2D32894D16B9A7E0B2F10D9F772D72F997277F27CD3F7A03C601C3008C332E9B7C856CFDB59814 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.330820450975427 |
Encrypted: | false |
SSDEEP: | |
MD5: | A3C9C0FA0B10AB31C8BD21447F2CBCFD |
SHA1: | C30D4BA9E7EAE9B2827FD5F84EC1546AC52CA233 |
SHA-256: | 746B22E73E10EBAAD3C6756030B1644A795A7E5F2F8A99D36F4C77D8DB7664A8 |
SHA-512: | 667326F8E0DA0A8375780006EB938601742D5A74490127F8EB908A788E2FCB111EDB4DABC2F69599A9668FFF410BB26B8A6AD72F37B7A9AC77BD3BD10297FF18 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.3090799463332345 |
Encrypted: | false |
SSDEEP: | |
MD5: | 02FCF3B8F71434D59C7FD13561DB473F |
SHA1: | E8F6F1857962F897ACC5F9AA247ABC599CC8BD15 |
SHA-256: | A7B56317EB969A76445C8E5DDA6441D7459AA7DF77C49926FFB2ED76EE509B42 |
SHA-512: | A6783CED7A76F3724F1F8594E0AA7D074E65A671EF3404AC094B8FC74D856DAC351CC7C82E657A7E14E9758C64C332D9BC703D8D84F8C26CC7980F0D8BA51511 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.372651714507305 |
Encrypted: | false |
SSDEEP: | |
MD5: | 98964AF0360E45BF21CC9F4D707A5734 |
SHA1: | E5280921F46E1E08C5AD7F04D88DBABDF608E898 |
SHA-256: | DB0584853A6AC8AB3939168A74CF8B52D5238CF8F626C2F3F223745A3509D9D8 |
SHA-512: | 7804F5CFFB480F3D5293F554A5C6046F3F3CF408F0D2F4196F69AFB79EA00078F462CE0154DAB8EC8F26CBCDD6A4B0D026A06664B573A3192EC141A578B50DE3 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.309302407333528 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9BDF0DF3BD57C29B50F6B68AB4DFA279 |
SHA1: | BDEF35C6D534222273EDE0FBB215CC70216B86F4 |
SHA-256: | 77D8E8414FF6C8A3E0D802C403FC849495AD6F6125A18947D5B97D2F91479B90 |
SHA-512: | 5EA2A6316FF464E1826F6DCB008B61F8BCE9780C921791D019488457BF95E6CBEEBECC4210E531E065ABBAB712FAEB24DE4BB4C4C8E1C75C1FD6529669BE7F36 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.313042686666751 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4918BEC279E60C320C10EAEC6A9616CD |
SHA1: | 505AB5F45EE4DDAFE5B0E759342A294BFE7B593B |
SHA-256: | F275D37A16128CF950C390B15BBB06F11D717BD26C42D5495BC4C67EDFF523FD |
SHA-512: | 181F9FB991B0D31A4CF813DEB160A4C3A92D1DAC49E72B8BE95FB45445F051F6CFDC2DEDEF177FFFAB21EC2C9A29C3FF690391E1B7A0D4CACC6BFE7F98FD5E80 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.287629332621823 |
Encrypted: | false |
SSDEEP: | |
MD5: | 601DB76F629A40CBD98F69C97F40AE16 |
SHA1: | 2DADC15D74AD3BB54E13581F191B3158081C1432 |
SHA-256: | 85523B80A327A79703331365312475862B79E8E5E62BF545A703178E925ECFEF |
SHA-512: | 73482A8D91FCA7CA30ED5D54CAB18F167198CA202A65DFA6CD1A347AF99CCE0B6AA4478A6E3F08E1E8D9B6835ACD193798ABA017A9FD46701B155B442B654523 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.118432054832966 |
Encrypted: | false |
SSDEEP: | |
MD5: | 989EE020CD3ED8B8ABDC5958A3A3C966 |
SHA1: | 446D64287B5CB4DA8122D48B137613CE97338C99 |
SHA-256: | A5950682805304F98CCF92ED39947C4425922605543688C8F0689F7100300A3E |
SHA-512: | E24D1CAECE40C4E68D4E861D920373126CD36E78433C121442EEDEAF4ABC4B910CEF659C4D268C97D7D9A928C5FADD9555F15A5597293A3D66830E8506D8DFE3 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9884027467573456 |
Encrypted: | false |
SSDEEP: | |
MD5: | DDF4D8B9CB79E7C2EF8A4A5C49090DAD |
SHA1: | BD1B6E42C712DB09CB776D67A2739B98DB21429E |
SHA-256: | CE39502F8022D3D8E3E0E3467EDBD3561645F1248E9FDC646EDC21D8D02922D3 |
SHA-512: | CF5497BD071EECBDFC17EB6734230AF7AE0FA2F4097CEB60201322CF6A8B204E5475D654E6225D1A4903EFECF3AD6DAE8F85E282FD6B07C9E85A79989174AF61 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3455024369250954 |
Encrypted: | false |
SSDEEP: | |
MD5: | 53E9B0ECD5F16A43514E996BE4CE64A8 |
SHA1: | 82EC3B60B84640D0723649A38378465CB84BA6B2 |
SHA-256: | 0D6D7B90EA9D4E4DEE0C4EC74889F0CC3C641AA69016996747B85EC7EE8AC3B9 |
SHA-512: | 4C0CE04C005F0042B07279E03C1DDF3B5BB72F738B355EA269C5D69CD11324D9E6F809F608C0B34614B0A57EEB5C82BC8E28930D116635214BD9D7797BA3FDD7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.54720191165387 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1A2C60E0C7D0609C0B3EC68752688F91 |
SHA1: | 3CAF3C256FFC561FC10E1DF10A22444247F671A2 |
SHA-256: | 410B385EBB8F3988BDB192A1510C2CDBB09C8D9C96538B8C2F747DE93F425488 |
SHA-512: | D55AAF3559FE5A94FAB5CCCB61C92C95036A7A5FDAC5F8A17FF62C0D3C20CB8AC774B3B50779F44E451A2471979C7D23A36A1DC86904E8BFA03EA30413685E67 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-16 19-56-47-840.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
SSDEEP: | |
MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.426537827516004 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0457B83E6FC352FD1EF3FE73F65A270E |
SHA1: | 95A1D07D2FD65A774B3EFC3EDC732C11F9A537BB |
SHA-256: | 269153CE42450714019B48B71DB236120484F52D1F241A5B04660FC563895EB0 |
SHA-512: | 9A47FB58274BA08F6CE68B16EFC589766F72C3D1875E5E191039903E200ED542738D8263F581F8381659D5C54B2331DC571C324A07236C52CC29BBFA616DAF94 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1A39CAAE4C5F8AD2A98F0756FFCBA562 |
SHA1: | 279F2B503A0B10E257674D31532B01EA7DE0473F |
SHA-256: | 57D198C7BDB9B002B8C9C1E1CCFABFE81C00FE0A1E30A237196A7C133237AA95 |
SHA-512: | 73D083E92FB59C92049AF8DC31A0AA2F38755453FFB161D18A1C4244747EE88B7A850F7951FC10F842AE65F6CC8F6164231DB6261777EC5379B337CB379BEF99 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | |
MD5: | 207450D6B117C53B842582BEE9AAD59C |
SHA1: | 1461AD75274ACB600EF67AAD4621C3E949D894F8 |
SHA-256: | D92A0BDDEEE3AC93BFC5490300394E0C8FA0FC1DFADA8A36CA146EEF262142B7 |
SHA-512: | ACB129346A9A6A0E7B367439F8D937B6506E9097CCAFF9EAD9AAFA362CC47E0074CA0E9A09E1BDD5EDDFFE9C1C497113FE7EAF75A1505E0BBF59F61DFAA21410 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 7.608188833544956 |
TrID: |
|
File name: | E-statement_TVT_7855563201716.pdf |
File size: | 22'842 bytes |
MD5: | 418a36afc8429c6ce3ac8f6375aa7e0a |
SHA1: | 51cf287ed2f761a01a1ac2b1a3dacbde606e592b |
SHA256: | 8638e1d486d21cae05baa6ec5ff22d1973c211f37d40f2f5bb48c8267bfdb891 |
SHA512: | ceee11fea397e8ab55fdf657b621db25d304ddeba2aef62cf772d873f37f1313402ac0fda310915c8354082c57c4e063c93f92520c514018d92277a0c0465a14 |
SSDEEP: | 384:fYxOA/rRLvfqKHVhSUQZXV5gqgCUSCBwo1P6Ywsguhd1OgVwGzIRMMPfCUSbvMwY:fYICNLvfqKH/H/7wM6YwsguhfOQ1V+8I |
TLSH: | 67A28E35DAD92C9CFCD3870171A1795A487DF1138BD0A59338B54B09AC4A598CE72AE3 |
File Content Preview: | %PDF-1.4.1 0 obj.<<./Title (..)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...4)./Producer (...Q.t. .4...8...7)./CreationDate (D:20240416101209-05'00').>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endo |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.608189 |
Total Bytes: | 22842 |
Stream Entropy: | 7.917415 |
Stream Bytes: | 17556 |
Entropy outside Streams: | 5.075537 |
Bytes outside Streams: | 5286 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 40 |
endobj | 40 |
stream | 9 |
endstream | 9 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 3 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |