Edit tour
Windows
Analysis Report
Fatura.pdf
Overview
General Information
| Sample name: | Fatura.pdf |
| Analysis ID: | 1665477 |
| MD5: | e78ad10c268ff00f51941716e59d8b0e |
| SHA1: | f5d14e5b8915e69c583b8a4ee2ad28b2a9fd84e5 |
| SHA256: | beffa905eeb7b6fc72c3d24e06d981def548c5dfa6c4f9ed8d74a3939ddc909c |
| Infos: | |
 | |
Detection
| Score: | 52 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
AI detected landing page (webpage, office document or email)
Connects to many different domains
Detected suspicious crossdomain redirect
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
HTML body with high number of embedded images detected
HTML page contains hidden javascript code
IP address seen in connection with other malware
Classification
- System is w10x64
Acrobat.exe (PID: 6748 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\F atura.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 2684 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 6708 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=22 32 --field -trial-han dle=1568,i ,117414141 9536379837 2,13646701 7641385427 06,131072 --disable- features=B ackForward Cache,Calc ulateNativ eWinOcclus ion,WinUse BrowserSpe llChecker /prefetch: 8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
chrome.exe (PID: 8120 cmdline: "C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --s tart-maxim ized "abou t:blank" MD5: E81F54E6C1129887AEA47E7D092680BF) - chrome.exe (PID: 7224 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --no-pre-r ead-main-d ll --field -trial-han dle=2076,i ,590708359 0590908834 ,180581893 6420512285 4,262144 - -disable-f eatures=Op timization GuideModel Downloadin g,Optimiza tionHints, Optimizati onHintsFet ching,Opti mizationTa rgetPredic tion --var iations-se ed-version --mojo-pl atform-cha nnel-handl e=2104 /pr efetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 7728 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt ps://onedr ive.live.c om/view.as px?resid=6 D4A4C0232F 26B6B!s542 c72388dc84 9d382622a4 ef0a8e563& redeem=aHR 0cHM6Ly8xZ HJ2Lm1zL2I vYy82ZDRhN GMwMjMyZjI 2YjZiL0VUa HlMRlRJamR OSmdtSXFUd kNvNVdNQk5 HWmlRZXJKe WVrekpjbTN kVTNFSEE_Z T1WZHp0R08 " MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 6956 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --s tart-maxim ized --sin gle-argume nt about:b lank MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 3676 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --s tart-maxim ized --sin gle-argume nt http:// A:50694024 1*B:508646 529*C:PT*D :FT*E:N*F: 06-09-2024 *G:FT B/30 20*H:JJT3P SR4-3020*I 1:P*I7:50* N:0*O:50*Q :UQb+*R:07 50 MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 6452 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --s tart-maxim ized --sin gle-argume nt about:b lank MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 1940 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --s tart-maxim ized --sin gle-argume nt http:// A:50694024 1*B:508646 529*C:PT*D :FT*E:N*F: 06-09-2024 *G:FT B/30 20*H:JJT3P SR4-3020*I 1:P*I7:50* N:0*O:50*Q :UQb+*R:07 50 MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | ReversingLabs: | ||
Phishing | |
|---|
| Source: | Joe Sandbox AI: | ||
| Source: | Joe Sandbox AI: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||