Windows
Analysis Report
MDE_File_Sample_c8baaba3954f190f1ea0f1d83f0609c9b7493cee.zip
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- rundll32.exe (PID: 7136 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
- Acrobat.exe (PID: 5924 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c8baaba3954f190f1ea0f1d83f0609c9b7493cee.zip\BIOLEGEND EUROPE B.V._AVOIR_SCM5200.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7152 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 2312 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2276 --field-trial-handle=1576,i,3793786668890330827,6820266977843083251,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Rundll32 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
54.144.73.197 | unknown | United States | 14618 | AMAZON-AESUS | false |
184.31.60.185 | unknown | United States | 16625 | AKAMAI-ASUS | false |
184.31.48.185 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431750 |
Start date and time: | 2024-04-25 18:04:16 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | MDE_File_Sample_c8baaba3954f190f1ea0f1d83f0609c9b7493cee.zip |
Detection: | CLEAN |
Classification: | clean0.winZIP@18/35@0/35 |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 184.31.60.185, 54.144.73.197, 18.207.85.246, 107.22.247.231, 34.193.227.236, 162.159.61.3, 172.64.41.3
- Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.191959933905742 |
Encrypted: | false |
SSDEEP: | |
MD5: | 22F4C5E2F624AA9FA38EB3721CB9E59E |
SHA1: | 6B260F3314FA530486AF42D496ABBD9379F37FC1 |
SHA-256: | A19ACCA9BCEAFEF69BA06580EDE9BA361A441510F1B506468691C6230B539637 |
SHA-512: | D64C1FDE41B181AB56A5C72598B7EDB4750D3403DD72FC82B02CD08085425CF022053C7D82189FAC825AE78969709F1D732FFC0AB848B23BA0C9287C56CEDF14 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 331 |
Entropy (8bit): | 5.177052714633969 |
Encrypted: | false |
SSDEEP: | |
MD5: | 231C4E7D7639F98384BA7026A1EBE39B |
SHA1: | 5FB9A8E02C3DC5FBA71A5A394A0AEF055A92952D |
SHA-256: | 45549575A345972BC9AF4BEAEF6917093AAF42E669ED175CA25AEE0EDE9D30E2 |
SHA-512: | 47490E933F76B94CB5C7751609C619254572912E4B91D261AA1CA28CA91A11FF217D5B85E459A048A3AC504C7B23AE642FCEB3ACF1DEF00AE96A599C5A9821DF |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\229c939b-7ff7-45b1-9dbc-d35750dd27b5.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.969772599375848 |
Encrypted: | false |
SSDEEP: | |
MD5: | FCD1B4420A3714FDBE2ABA35A6F6B615 |
SHA1: | 95310D82D22C7158B1A20E0EE6B1A78457681C64 |
SHA-256: | C59A15248DF261997E4D93014E15C7535FFE1015D2CFA8D10EFF6113C0C9E372 |
SHA-512: | 954BCB21628EB1365609B55998D75E9C4173D8AA4BF0540AD43FC2F7CACEFC07F8C8A449C77943A5E088F9C5CD3FDCAF9D5350692D61BE4B7D23067131135E8F |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF466cfd.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\e815a980-aad1-4f51-b8a0-a9cb8649de67.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.234077554974233 |
Encrypted: | false |
SSDEEP: | |
MD5: | D3DB40E91EAE9EBB3C86F787ACDD4503 |
SHA1: | 6645101C336311CD86E0503E6D158E120D456F5F |
SHA-256: | 5914C730740354049E376475B020445391F3436E88607C6369E5369852A9B275 |
SHA-512: | 01EEF5E306A689835235D130994451D2A50FBC022796364DF3436FA383398257A50FF8D761EA67681799188B0FA2CEAB03D9573499DDD05BDB8A48DE33444A24 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 319 |
Entropy (8bit): | 5.180509354645929 |
Encrypted: | false |
SSDEEP: | |
MD5: | AE619EEB75E8CE6E1DBF93A6BEC20439 |
SHA1: | FE6FB38103A18CBFF5F17662BC88A69332E9A704 |
SHA-256: | E169F7D61C5E4279A27FF6AE99677CEFC5B5DB2D929A84C3A0F954F1691AF59E |
SHA-512: | 12E39B7ED371D8462F315C55A5A3098D7531C5EDA95CDA1BC7499C85A3591D1F9A27F3039CDC0CC9DB861156585FB04BBEC09E50F427E489913853FAEA432412 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
SSDEEP: | |
MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.2132939896472903 |
Encrypted: | false |
SSDEEP: | |
MD5: | BE7247DED0FF61F50C37D49388A43BC3 |
SHA1: | 98D70433B84429D04002CF8FBB6E5E5C5A9A8F6C |
SHA-256: | AE7538461D49FCA9A10C99991C0C8F255C1E1FCE483B7796062C935BDE1E343A |
SHA-512: | 205D3DDA396BBE009A7ECCC59CC1B6FADA42A8457F5A884BA4F1BFCFD2E0F4C7C0A426413656EC893EC2A21C9EA709EF1A97D1D5C1CC9802E9FAE40B8F83F082 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.3472146479511435 |
Encrypted: | false |
SSDEEP: | |
MD5: | C89447C536B4C8A93A222C796D78FFB1 |
SHA1: | EA5B3DB005B5204D0393CEE424BA3C9B698CDEB0 |
SHA-256: | E50F0D3C8FCF9BAD1E0105868919BA2FB2240FF57B320A822A5C6FA78E9C9AAF |
SHA-512: | 6CAFB18BFF5402EA43307B22FDBBE9357222318A0971E0C285C60CF61A7F3402A385BBD9052E8A7465220492CDDCED4B3A26EBB2DE655C2D1EECEB6F735BD120 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.294353997375454 |
Encrypted: | false |
SSDEEP: | |
MD5: | 91092923924ABC1C4A292970557BC9F0 |
SHA1: | C5EC61CC7932ADEA70E0C5D9B64437F1E4318CCA |
SHA-256: | AB36208CD2A47F058C22D7E9BA29FAE1A7B80B09BDCA8FE212EB9F97F23027B5 |
SHA-512: | 182142F0B77A021B1684CA7A991EA391AE37201FF1E020B6F83D26B63C7B6CF6BAE51C080558F3032F1AD3DD82439B51C465704D9BD480D4E8647FD5DE8843F9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.271764260086229 |
Encrypted: | false |
SSDEEP: | |
MD5: | FCAAA9E40EF9781F0FB0DA1FF79DB2D5 |
SHA1: | D5B60B2DBFF8C3273CC89EB4DD8F55111F967891 |
SHA-256: | 10F8272F7B1ABA7EDDC8998AAFF2462014A54DF597C03476E6B96D16B752D387 |
SHA-512: | B18DAF688D7F878AAB12A5C2BAC3A2602F36A1B6D28CE4B677E9F239EACF3245FC0946DD90EC665B623ED0C466013CFC80B0C74FB1B3EC30FD54794EF18338BE |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.335028214293331 |
Encrypted: | false |
SSDEEP: | |
MD5: | C5A50A74BFED0D7431045A0E7A63192F |
SHA1: | D5973373ECD15CB87406D41A4E17BAC268895274 |
SHA-256: | 954BAF81FE62FCD7114642A5305AAD166D4140D2D5B4982A6DFDA97CF4BEB711 |
SHA-512: | 83F988127D165F45CFA2C8D991A29DB08362F75C06D6795BF7AEE041B5FEF653DF481A693A29B1DA9524A2F8C1D6EDA2D703E4AE781C8A171F3A13EAD21ACBBF |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.298440520659888 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2656A58FC6899CF267A31905792DEB45 |
SHA1: | A781BA56B55B2516861614AA73A6D5A35B514B1D |
SHA-256: | E4387F2CF0E85B4EC0B62BCF18D16B9F4542F2CCDC9BF6E5D294CF2C47BB23B5 |
SHA-512: | 26B707AA9154D782DE93965F609C5680A653FA1CF5E1A56201D1489DACA0BF297CABEA1804CB3CAC9E86FFBB32DACCFD23EB4B5E1D2FC64C39F46A521A8F9E36 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.283951636458784 |
Encrypted: | false |
SSDEEP: | |
MD5: | D3E9DD7B854C6C0B5C380F7F60BB289C |
SHA1: | A288562C248D0AD9DDA163A079AD1D515D1C499D |
SHA-256: | E9C37DB9588C5D17186F5557BC2AA086826940D5FA4EC7FE52D63A1F2F4B811C |
SHA-512: | AE785FB0AF50FF627E735BFDCFF426359E484B9D77D013CE8BD6EF80C20A477281CB0B52FFF7E34CBB31CF863028F7D33A949FEAAAAB506E62FAFAC8214A9FF3 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.286768769048953 |
Encrypted: | false |
SSDEEP: | |
MD5: | 756D5063E4B9E72FAF42EFA3FF512980 |
SHA1: | 75FCDB6219F220B6C2DCCA998FE385E891A3C445 |
SHA-256: | 099B1493A1EC94075D8318C89C24D076DB85FD098BAC68DD3157384104AB6FF8 |
SHA-512: | E006306D0D66EB9601E98941AA3F9BCEBC13654E6A44B2E684A6BF0852D84E3AC6B1A73E2E97FE151C0192C6D15D61D6C492AAA1E8A6EF2620A9538E7F0FF861 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.296776546636919 |
Encrypted: | false |
SSDEEP: | |
MD5: | 96B28E025EFCE5071C883F99D0CD38A0 |
SHA1: | 7E189B5A814F7D864C595F128EB56CC755D2CD9F |
SHA-256: | 370E7E1143101EC8849A4395C3547846FBF6741806F6ED81762D5880BC145774 |
SHA-512: | 04B627987AB7EC1086588960D82CCE750EA1BCD0F969D4192BAC26A87737293B39775D2CBD6604794D044166415E2E3C9240FD8D9ACB1714D7385FBAA4D2A36E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.737426220892139 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9E6439D26CFF9FDF6C958D9DA7F66596 |
SHA1: | 7FD8320DDA0BCFB453623059F3C0EF58495B0C29 |
SHA-256: | 15343600274CDCC2CB9CCA378DE3148F3E68AFBD26C3F69E8C54314E9540DFD9 |
SHA-512: | 47AD1A05663CEE46025FB8F61185619ABF43606682070FFEDEB1C79A83F7380ABF435541C2BBB207F0E98459F2D272B67BA9FF83750ECE17BDDAD9422EA27C26 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.291497631231739 |
Encrypted: | false |
SSDEEP: | |
MD5: | BDC217B4001B45FCA3FC515C39491B8A |
SHA1: | F8DCC8B0DF9FFDD170D6E265A598B10E0D5B1405 |
SHA-256: | 2D49A59CA7E49977EB7A744D4297834149EC08AEE097318A7DA32A6675D61B11 |
SHA-512: | 3F42B9E8DDF3DE4A1AF6399257536A2505AF9DEB8A7A526198F804823D668874BB4D20FFB9B501E5E138AE5A57B118A211254F3FFE433D9A6730560741B15A87 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.773810100302929 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6F7D15CFB4FF6284DFBEAC04F4E2C527 |
SHA1: | 9118FF899C4DF3B6510AED7DBE74EDBA050DB99C |
SHA-256: | 8CD7D2C6110B6F33CFC0581681A8E2D106402CD3A578E986BA53558463D37E33 |
SHA-512: | A8EDA7F85433ED129266EB26FE978C660B99AF87AD740AA95CFE6D75EDC76C1A7B2F1B31659F31E2C65A4FD42A671A906CEFEC28079BCAC927D42F1052138BD1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.275103164429784 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6E6E8776963AD1234FCE59CC10DC7583 |
SHA1: | 984CFF2F3CCB06C8925C6EAA7B30321850D85C23 |
SHA-256: | B1AECF4CCDFE8212115399990634C624E9E7DBC43D3E200F4DD23C8E6A493929 |
SHA-512: | 95B0FA8DA6F5207EFDF9865E759F84525D4C93869DC6D49938086AE9828901341DAEB52E59EEBEFF9C614A8FA2CD56FB9DF7F8CE1E64D55C74F9A826A8BDD2F1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.2783667992626055 |
Encrypted: | false |
SSDEEP: | |
MD5: | 106A4FA3D022E715883DFAD1C54906F0 |
SHA1: | 432F3EB7E98F5075A46A7059EDECC3E75B3772FE |
SHA-256: | D4479E4BDBAE2DA3176E1807425D71A473E2F760D04D9A442DCABF9B3A0840FF |
SHA-512: | BA2002909B00C6DFF7C7B70542EADCBE85D9453B103C569A9FF35460AE4F607D877EE10689A961E6432E83C1F93D3DD17960503DA3FD75AB2069037A30931FD4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.298332759989887 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2CA4438DAC8D4556CB7D9D8ABD062EF0 |
SHA1: | A81CC6CE371809F2F4C38D79E750450638F858BB |
SHA-256: | 5558D14C596F5736A067EA6D0B16A9E23E0EDD942EDF8AA1A25F92160EC1DBBC |
SHA-512: | 28A29743F028C9336E4F280CDF7F765ECDB656E40D199E21288BE7EEEBA271909AFF738C558D1A873B5427421F96BF3C693CFA2F9C4C36CF064E5DC5A2ABF622 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.256264055316577 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8377A465A9414BB990AEF1D754A241B0 |
SHA1: | 0EC12B16C1B81578D53534B0BB3D3D27FCEDC903 |
SHA-256: | 65792A8F3EB4C15D7E55F7EE3048992C7BAAF7CDF36AEC42E237D429AB3873D2 |
SHA-512: | 0F71CA2F3AF446AC0E291A82B83CBC4888ED2FEBD835AB3B815898CD1E37296B4964FAF496DD94851BFAFE59D472F6C97A5B0E488DD85161507E70E83C5312FB |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.359489545254686 |
Encrypted: | false |
SSDEEP: | |
MD5: | 68938A73DA7C0D5CC9263758F446B333 |
SHA1: | 1B2BCE8EDC96A61BBBD8655F2F05C904CD5B5B38 |
SHA-256: | 1B34E00C114F5340DA1739C6F19B16A91FBD1A6E2A926A0834F62F72BABD9169 |
SHA-512: | DD62A96CFCC4569FABF0527130EB4FB1153E7D1406093F84AAE3ED51F79764CFFC6923B851DF9C94DFBF25C9D399D38752E8A4FDE49809B21CB320039E02B877 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.127469990884224 |
Encrypted: | false |
SSDEEP: | |
MD5: | A5B3F69EC40B9F33DFA1F3B3B98863F2 |
SHA1: | C75FA3E42ADE55C22BDECBDE747946C84252D79F |
SHA-256: | A22C4E8C52BBBDBC072F2F8317C4168A1167D0C60A1927000C2C1441AD15E834 |
SHA-512: | EE3B9E5FAC684EEBB0968CA84BB70D9E1178416D745BC41B13BFC4C9F6410846C17C461BAFFCDA18AAF21FCA1B4A76FC22FD2192B0A0B727A1A6316080D3E172 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9876983315937309 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3DBFA76DD407C9066C0AE69BD50FFFB7 |
SHA1: | AFDB34678BA7A0D0698727FB34384D6063630777 |
SHA-256: | 66B428371E4D58BC9C8BC757117EC4C27916F28C4FD747CCB86D9957831C129C |
SHA-512: | 5374DF5C6A6EB271A3FE95E36FEA41BACBEA48C2396E0A9910E24218911CAB5EE96C2B87AE8772C39FF2B4DFE5EE2013C7B43EF95472DE298999E0784436B8C4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3431152505081891 |
Encrypted: | false |
SSDEEP: | |
MD5: | D2B5551143B18EF0585A2D262804D936 |
SHA1: | A028E0B711CD95E617B1E533B266FE4628571CD3 |
SHA-256: | 4F7523962367B7F6CBFD327C33530D957A9002BDA77C1C576B35ED28DCDF8ED6 |
SHA-512: | 490AA0A1D33A91C6DD0FF1531A2AC48F9B3FC6C92464D8E979C1A3E0A22CB9C70A167518700EB4A416AC0313E6A2FFE54927EEF75BA16BF5A79C11476B95A497 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.522811667751431 |
Encrypted: | false |
SSDEEP: | |
MD5: | AFEB25E07B622BBAC6A5ADAE19F67264 |
SHA1: | 8FF7CC3133855EB82F041672FA4DD2C73988DEBE |
SHA-256: | 42E6AA896BC9310F898506817A587E58B22D83BAC3BC39135706FF94813BCFDA |
SHA-512: | 46B189DB81198AD740F8A4C84D4209224D32E3352575540C7336B838EB60C7ABB22DA6BB93398B1D37E76F9B7F52F3BCF2A07C219F4B26BE2D3836685CB1C62B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 18-05-03-394.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
SSDEEP: | |
MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.418246438952093 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2368A5C5360F3CE1C5B71DD9D2AB19AF |
SHA1: | ABF9BE990256C3A701CA803DC972777625129411 |
SHA-256: | A730130F530D4C2430A455A867FEF8496082ECF7FC4D1E8261E69F0475776F9C |
SHA-512: | 7DBA965DF290C1E18BCE9F5A4D9DD0645060A426254CF81F0BADF4A2F5230BD8CD99F3AE27C1A2AC1AE172994730E7E5D179646A8DAE9DA6C88CF06DD493538D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1A39CAAE4C5F8AD2A98F0756FFCBA562 |
SHA1: | 279F2B503A0B10E257674D31532B01EA7DE0473F |
SHA-256: | 57D198C7BDB9B002B8C9C1E1CCFABFE81C00FE0A1E30A237196A7C133237AA95 |
SHA-512: | 73D083E92FB59C92049AF8DC31A0AA2F38755453FFB161D18A1C4244747EE88B7A850F7951FC10F842AE65F6CC8F6164231DB6261777EC5379B337CB379BEF99 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | |
MD5: | 22B260CB8C51C0D68C6550E4B061E25A |
SHA1: | DF9A5999C58A8D5ADBB3F8D1111EAB9E4778637E |
SHA-256: | DAB1231CC22DAB591EBB91C853E3EE41C10D3DA85D2EFAB67E9A52CCB3A3A5A0 |
SHA-512: | 503218D83C511A7F7CEA8BC171921D1435664B964F01A8C77DC0F4D0196DD2815D9444DA98278E1369552D004E9B091DD9B89663209F0C52ACB97FCE6AFFE7A9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 7.99588761855059 |
TrID: | |
File name: | MDE_File_Sample_c8baaba3954f190f1ea0f1d83f0609c9b7493cee.zip |
File size: | 52'260 bytes |
MD5: | 03607710715ad3f38b5eda1f7c7575b2 |
SHA1: | d05df273f0071c1ed68dabd497b67260506298ce |
SHA256: | e3bc8db50d87afc36ff6d3fb7f36e3f514978d1bdc28f7603ab2ed4736dc3036 |
SHA512: | 4f151f92290c182b6bad88a3a7d0ebbcb220ef5aff8196c6bab05fba072811e8fe0a9d5ed474fc6148836956dc8dd1c9c66bb23242ae5a29740e77c69b89f164 |
SSDEEP: | 1536:t2MSAz0yGTa49jKFAZSslkv7VHvsfiHcCs0OAsb:sMrzD4pKFbslkTVsicCPs |
TLSH: | 4B33F2B137519268C6F03226E555F3B880C7783AD5AA329C893E6C7160DE35C5FB3E90 |
File Content Preview: | PK........k..Xb>..,...;...'.$.BIOLEGEND EUROPE B.V._AVOIR_SCM5200.pdf.. .........{.>.*...{.>.*...u.>.*........KO7*.....C..r.....M.......X.&.g....9B......k...1.|..+L.^..t?...@.....X....X..K$...*.#9....!..3>j.......Ma;>.Z.f)>.W.^i.........D/...............i |
Icon Hash: | 1c1c1e4e4ececedc |