Windows Analysis Report
RP4ICG2DE42ZABHS_Nota n.19273 del 22-4-2024.pdf

Overview

General Information

Sample name:	RP4ICG2DE42ZABHS_Nota n.19273 del 22-4-2024.pdf
Analysis ID:	1430903
MD5:	7e47c958b1692373b43736de1dc29337
SHA1:	12e2bfd68f6f43b07e0693e67ffcdce95eed246a
SHA256:	ffc5639144a95a49708f5fa3dcff74f4cbf8e0c3d0433a741bb12528ff820fa5
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Signatures

There are no high impact signatures.

Source: classification engine

Classification label: clean0.winPDF@2/14@0/0

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt22.lst.8580

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A91rqdk3h_hj9ru8_6mc.tmp

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\RP4ICG2DE42ZABHS_Nota n.19273 del 22-4-2024.pdf"
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: unknown unknown			Jump to behavior

Source: RP4ICG2DE42ZABHS_Nota n.19273 del 22-4-2024.pdf	Initial sample: PDF keyword /JS count = 0
Source: RP4ICG2DE42ZABHS_Nota n.19273 del 22-4-2024.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: RP4ICG2DE42ZABHS_Nota n.19273 del 22-4-2024.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Process information queried: ProcessInformation

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

ID:	1430903
Product:	CloudBasic
Start time:	10:59:49
Start date:	24.04.2024
Sample:	RP4ICG2DE42ZABHS_Nota n.19273 del 22-4-2024.pdf
Cookbook:	defaultwindowspdfcookbook.jbs
System description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Architecture:	WINDOWS
MD5:	7e47c958b1692373b43736de1dc29337
SHA1:	12e2bfd68f6f43b07e0693e67ffcdce95eed246a
SHA256:	ffc5639144a95a49708f5fa3dcff74f4cbf8e0c3d0433a741bb12528ff820fa5
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424090531Z-160.bmp	PC bitmap, Windows 3.x format, 134 x -190 x 32, cbSize 101894, bits offset 54	B51C6BC841BC2965E0BE8C34C676CA61	0CCFA12EDFBAE2E0F8604702D4347F494FE7C0AF	A12ADCA83632B7AD22CAAAF29ED20897DAD0D375451346DE162D9E640825B498
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages	SQLite 3.x database, last written using SQLite version 3035004, file counter 22, database pages 16, 1st free page 12, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 22	427B97C9D84680F9EC226D29566486F7	AC621FFBB9A0BB9F82E462CC2BA1C104DEC57E05	D3E11DCF8EC724F30DC5D02E67C07927C5BECEFE281AFEE714CA9D3AD7B4BAE8
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal	SQLite Rollback Journal	ADFCF51DFA9530FFC7CBAD49187BE3D4	6EC3E438481D9DDAD226BB65E3AAB712574FB0BA	2F19036FD25872C0F54BCC0222956CE01D117D9E0BD85C12535DCC3DE7D416E4
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt21.lst (copy)	PostScript document text	56E447DEE3234B51F4CB740B28D8E808	EC3CA5EDFD96F7B7A4134259E39B1AD76CFFF871	D5D86F909BF81CBA8F2473124E6111504DCC69547E7CE7775217ABE688A02EA1
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt22.lst.8580	PostScript document text	56E447DEE3234B51F4CB740B28D8E808	EC3CA5EDFD96F7B7A4134259E39B1AD76CFFF871	D5D86F909BF81CBA8F2473124E6111504DCC69547E7CE7775217ABE688A02EA1
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt21.lst (copy)	PostScript document text	56E447DEE3234B51F4CB740B28D8E808	EC3CA5EDFD96F7B7A4134259E39B1AD76CFFF871	D5D86F909BF81CBA8F2473124E6111504DCC69547E7CE7775217ABE688A02EA1
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt21.lst (copy)	PostScript document text	0D822282FD7C0480DCB2262B472D8AA2	B1673799A73B8822ADCECDDD66FFEBA173E52774	8C5D43C8451A2000938103DAE339040ED5D4E4A0E3E5A80FB846FBF765DD5105
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt22.lst.8580	PostScript document text	0D822282FD7C0480DCB2262B472D8AA2	B1673799A73B8822ADCECDDD66FFEBA173E52774	8C5D43C8451A2000938103DAE339040ED5D4E4A0E3E5A80FB846FBF765DD5105
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat	data	D5370854BF762FD366FCEA9FC2C3DB06	4E3A68EBC9056508A4A1A46CCE21872495AE1E9D	145B5CA07CD65F15A83B1FA3F3CC37D76ED937CFD0D1517A30BAF1E2FEF9D60F
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr81920.dat	data	229336FE2A0A88A8853323CDC037DF45	F9318FD12308EC153BCCB5AAA49CAACDB5F69623	08D2CA312202A6D76173B977C9B82DD08478300A6685C345894BD56491A28A46
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING	data	DC84B0D741E5BEAE8070013ADDCC8C28	802F4A6A20CBF157AAF6C4E07E4301578D5936A2	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json	JSON data	074495CEAA2EDAE4A3C2B7183B415DF1	536EA69D6284534537A8EBBB2F646F04284744B9	0270E9BEFD4BB94A2FD8882734FEFD26214E6E2FBBC89F4A79D82302A90A9C26
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store	data	B477F43DD1358C1AD5FBA461B976D6CD	39642F53383D15FDAB62DC299610A3BCDA3CDDF4	6FBA3ED73D2D73994CDEFA8B3A57C9052772FF8C3EB724B288B0C4F9249F6E9D
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei	data	622E9E5B7E58CE2892C286F4161217E5	0D773A479247071F622B36834BE63C9A012D04E2	04A4A1FF7077045427BFF34F2F0359BF1516D9C8D463BFD652E85B7FA269FFAC

Windows Analysis Report
RP4ICG2DE42ZABHS_Nota n.19273 del 22-4-2024.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Windows Analysis Report RP4ICG2DE42ZABHS_Nota n.19273 del 22-4-2024.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
RP4ICG2DE42ZABHS_Nota n.19273 del 22-4-2024.pdf