Windows Analysis Report 8795156_490162680Email_Correspondence.pdf

Overview

General Information

Sample Name:	8795156_490162680Email_Correspondence.pdf
Analysis ID:	483802
MD5:	20da3e9fb6519f8ec141e8aa156c0aaf
SHA1:	1d064b479bb9c3561cc80e64fee9c37a43460bf1
SHA256:	65492564da5ba6456e2e2a7f6b91946945833ac33d8334193993b751fd8b5e6a
Infos:
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Signatures

There are no high impact signatures.

Source: AcroRd32.exe, 00000002.00000000.254800589.000000000B470000.00000004.00000001.sdmp	String found in binary or memory: http://...............Acrobat
Source: AcroRd32.exe, 00000002.00000000.284840503.000000000BFAC000.00000004.00000001.sdmp	String found in binary or memory: http://ns.ado
Source: AcroRd32.exe, 00000002.00000000.254521660.000000000B18E000.00000004.00000001.sdmp, AcroRd32.exe, 00000002.00000000.253353779.000000000A2DF000.00000004.00000001.sdmp	String found in binary or memory: http://www.dictionary.com/cgi-bin/dict.pl?term=
Source: AcroRd32.exe, 00000002.00000000.274213381.0000000008656000.00000004.00000001.sdmp	String found in binary or memory: http://www.quicktime.com.Acrobat
Source: AcroRd32.exe, 00000002.00000000.254800589.000000000B470000.00000004.00000001.sdmp, AcroRd32.exe, 00000002.00000000.267336039.000000000B62F000.00000004.00000001.sdmp, AcroRd32.exe, 00000002.00000000.256934961.000000000B704000.00000004.00000001.sdmp	String found in binary or memory: http://www.sars.gov.za/forms/
Source: AcroRd32.exe, 00000002.00000000.267336039.000000000B62F000.00000004.00000001.sdmp	String found in binary or memory: http://www.sars.gov.za/forms/_
Source: AcroRd32.exe, 00000002.00000000.277848368.000000000A6B1000.00000004.00000001.sdmp	String found in binary or memory: http://www.w3.o
Source: AcroRd32.exe, 00000002.00000000.254800589.000000000B470000.00000004.00000001.sdmp, AcroRd32.exe, 00000002.00000000.284188338.000000000BD77000.00000004.00000001.sdmp, AcroRd32.exe, 00000002.00000000.284840503.000000000BFAC000.00000004.00000001.sdmp, AcroRd32.exe, 00000002.00000000.277848368.000000000A6B1000.00000004.00000001.sdmp	String found in binary or memory: http://www.xfa.org/schema/xci/2.6/
Source: AcroRd32.exe, 00000002.00000000.270257827.000000000BE64000.00000004.00000001.sdmp, AcroRd32.exe, 00000002.00000000.249194846.00000000046EB000.00000004.00000001.sdmp, AcroRd32.exe, 00000002.00000000.256934961.000000000B704000.00000004.00000001.sdmp, AcroRd32.exe, 00000002.00000000.283263192.000000000BB34000.00000004.00000001.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-data/1.0/
Source: AcroRd32.exe, 00000002.00000000.270257827.000000000BE64000.00000004.00000001.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-data/1.0/ns#/
Source: AcroRd32.exe, 00000002.00000000.275263678.0000000009DBF000.00000004.00000001.sdmp, AcroRd32.exe, 00000002.00000000.277848368.000000000A6B1000.00000004.00000001.sdmp, 8795156_490162680Email_Correspondence.pdf	String found in binary or memory: http://www.xfa.org/schema/xfa-form/2.6/
Source: AcroRd32.exe, 00000002.00000000.254800589.000000000B470000.00000004.00000001.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-form/2.8/
Source: AcroRd32.exe, 00000002.00000000.283263192.000000000BB34000.00000004.00000001.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-locale-set/2.6/
Source: AcroRd32.exe, 00000002.00000000.256934961.000000000B704000.00000004.00000001.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-locale-set/2.6/e
Source: AcroRd32.exe, 00000002.00000000.270257827.000000000BE64000.00000004.00000001.sdmp, AcroRd32.exe, 00000002.00000000.256934961.000000000B704000.00000004.00000001.sdmp, AcroRd32.exe, 00000002.00000000.284840503.000000000BFAC000.00000004.00000001.sdmp, AcroRd32.exe, 00000002.00000000.283220249.000000000BABC000.00000004.00000001.sdmp, AcroRd32.exe, 00000002.00000000.283263192.000000000BB34000.00000004.00000001.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-template/2.6/
Source: AcroRd32.exe, 00000002.00000000.264453316.000000000A406000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
Source: AcroRd32.exe, 00000002.00000000.264453316.000000000A406000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/
Source: AcroRd32.exe, 00000002.00000000.264453316.000000000A406000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/&
Source: AcroRd32.exe, 00000002.00000000.264453316.000000000A406000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/8
Source: AcroRd32.exe, 00000002.00000000.264453316.000000000A406000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/F
Source: AcroRd32.exe, 00000002.00000000.264453316.000000000A406000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/X
Source: AcroRd32.exe, 00000002.00000000.264453316.000000000A406000.00000004.00000001.sdmp	String found in binary or memory: https://idisk.mac.com/
Source: AcroRd32.exe, 00000002.00000000.262531952.00000000089F4000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.com

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx

Jump to behavior

Source: classification engine

Classification label: clean0.winPDF@13/54@0/1

Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\8795156_490162680Email_Correspondence.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\8795156_490162680Email_Correspondence.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,49734726695296726,14708380478045234943,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=12528180285023581782 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12528180285023581782 --renderer-client-id=2 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1692,49734726695296726,14708380478045234943,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=13295799918542925837 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,49734726695296726,14708380478045234943,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=14045389042154872069 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14045389042154872069 --renderer-client-id=4 --mojo-platform-channel-handle=1840 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,49734726695296726,14708380478045234943,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8578766355593294049 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8578766355593294049 --renderer-client-id=5 --mojo-platform-channel-handle=2112 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\8795156_490162680Email_Correspondence.pdf'	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,49734726695296726,14708380478045234943,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=12528180285023581782 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12528180285023581782 --renderer-client-id=2 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1692,49734726695296726,14708380478045234943,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=13295799918542925837 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,49734726695296726,14708380478045234943,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=14045389042154872069 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14045389042154872069 --renderer-client-id=4 --mojo-platform-channel-handle=1840 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,49734726695296726,14708380478045234943,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8578766355593294049 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8578766355593294049 --renderer-client-id=5 --mojo-platform-channel-handle=2112 --allow-no-sandbox-job /prefetch:1	Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File read: C:\Program Files (x86)\desktop.ini

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.6472

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File opened: C:\Windows\SysWOW64\Msftedit.dll

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 8795156_490162680Email_Correspondence.pdf	Initial sample: PDF keyword /JS count = 0
Source: 8795156_490162680Email_Correspondence.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A9Rgq07pf_3n1fzb_4zs.tmp.2.dr	Initial sample: PDF keyword /JS count = 0
Source: A9Rgq07pf_3n1fzb_4zs.tmp.2.dr	Initial sample: PDF keyword /JavaScript count = 0
Source: A9R1vhrw39_3n1fzc_4zs.tmp.2.dr	Initial sample: PDF keyword /JS count = 0
Source: A9R1vhrw39_3n1fzc_4zs.tmp.2.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: 8795156_490162680Email_Correspondence.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: 8795156_490162680Email_Correspondence.pdf

Initial sample: PDF keyword /AcroForm count = 2

Source: 8795156_490162680Email_Correspondence.pdf

Initial sample: PDF keyword /ObjStm count = 6

Source: 8795156_490162680Email_Correspondence.pdf

Initial sample: PDF keyword stream count = 25

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Process information queried: ProcessInformation

Jump to behavior

Source: AcroRd32.exe, 00000002.00000000.260995878.0000000004EA0000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000002.00000000.260995878.0000000004EA0000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: AcroRd32.exe, 00000002.00000000.260995878.0000000004EA0000.00000002.00020000.sdmp	Binary or memory string: SProgram Managerl
Source: AcroRd32.exe, 00000002.00000000.260995878.0000000004EA0000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd,
Source: AcroRd32.exe, 00000002.00000000.260995878.0000000004EA0000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious

Private

IP
192.168.2.1

ID:	483802
Product:	CloudBasic
Start time:	14:03:45
Start date:	15.09.2021
Sample:	8795156_490162680Email_Correspondence.pdf
Cookbook:	defaultwindowspdfcookbook.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	20da3e9fb6519f8ec141e8aa156c0aaf
SHA1:	1d064b479bb9c3561cc80e64fee9c37a43460bf1
SHA256:	65492564da5ba6456e2e2a7f6b91946945833ac33d8334193993b751fd8b5e6a
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0	data	6E1D86002F7A733FB4D6984504B43AC0	CD0EE4273D47FB6CEB2C3CDE909A3E1D1834E02E	9D67B5AA9008C6B6D93B506CA84B964C05F8A18F0A7B029CE16035A785CB7CB0
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0	data	67F5164EDA2E7820698C0EE48D596F45	E467E150854945CB32B07236AE22B07ABC476CA5	E88D04237C6C715E0062B5879E3A8016C17EB42596C0E2589F2C1BFFA9A58DBB
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0	data	D6C92009DA5F383ACEB0AAE97DC7A4F7	63E68E8DE11C7C19455B4CA75775CE967FB128B9	66E9BBDF25456624AAFFB80780D9027E5924601C0F16630DA3F1573A76746041
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0	data	5E3C164E2E400B01F1D37275BCB9BF18	C427F23422BBA6FE8B9C59CA2840F7177870CF8B	4D519EF67CC87433ADBE1B0EDF8DF644344536A24C205F37907F3A19133B7169
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0	data	5A4359C1E52704D12A4B8125D6B6366D	5DBF2888606F35470AA4DD28BAD65076597F7B57	FA5B64A037AAA21E462613580D46E7D06D27FECFA0D9C239968FDD1289450D3E
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0	data	37607E180F394DABD026491367B706C3	9F1D75C376E4488A4F4EF3F4411A1912CA34F709	D124C3E3481FD4DA51FBEE027ACEA27A1041C6887D5E792A6F8AFB73B2E3CF7B
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0	data	7A95B3CBB009454AFFC2A751E22D4E54	E143FB13908EA187D917BBA43974747399FB5CA7	33B8BB7F295542F1B8D941F2D4403FA0A97734B08596901B482B2CCF86ACD815
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0	data	8FFA789F75ED8C74986153B0394AB622	E4EAA0ED62DA0D1A1E513D8D7CE4EAF34A7F23F6	F94AB27CE92A2684BB1979C91FFE8E06AFEA8150822D6ACB1363B9E7EF2ED392
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0	data	E58BC2CA037A6BDF12E3697BF1902E1B	34825F81A34D5A6F3C8BA9C89B34256A9DB2BCB7	BE15B2B1EFD243686823992D88703DFDA4562B197D9D1F56661D813E347C85C6
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0	data	41E87449E0D814FBA5BD09642729D0CE	C407BDA504AB5CD9B28A2526BBD08BC588A5820B	32B1A9CD05B55477CF73683A77C67F3FF2F15B31E71A215D825BB1E80D911893
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0	data	3D214CF215142A2AB014B491EF3D274F	73AB67B6D425FCF787C448E0C722500F4BE7D632	C9648AACF0FB5F23D5790007F9C9DBBA49873B527EB6B9D283CC03C72F0BBE6D
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0	data	AE881DF5539568B9A52A86C8D5A734BD	8EED724FBABBE02E1410329265D581DF1B1CD9A4	D59B37467ABF2B4D0CF95E60AA269EEC579EA8C22A470FE87C668FF5CA6F7B52
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0	data	1CBFA3309B58659BB286D9354068F787	67084A261C45B30D82F9F40A540588C062C11B54	102DF91169678CDF770BF13617C61F5D4801959E7610017EE9E1B121E7EFBA03
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0	data	DB35346E7D6E1F3E721520C7167F1CEC	F233BCA9057F2DCC2E7AA718E9AAD4B778E16028	E45EC189CFA983A9D239ADBC90BD425D2FEFE3C6BB3122B0D0B6C3CF91AD1E93
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0	data	95979210AA22C64AF53EF0B09EBD487E	ACD7857448302AFD87F44BA3D2073A7A14EDAEEF	96D396F1FAE3A4B2DB39438557E5DB280DC2D3EB2EBF2552CCEBF92A8E10A170
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0	data	4C835D7ED76067066595C31A62B0E0DE	DBFC2BAB6F94F91CAF8F825886B40C4F7984174E	9D2DEC5D2D9D138B02D2AAA2BE0F98B66EAF244671CC2355FF820E34A3DDEEBB
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0	data	6DA6436B18F2628F0B69966BD2C683BF	5C88EC8E608C493A1762EC0A2FB97546E798B900	BC5E8B9AF31EA2CF88261FDAF8879FD799510B9726BA647859BDEBE0B3730CEF
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0	data	4974BF472388DF190C35C6D1DD4371C9	D1437F8A105073FEB7FEC72D4343B4F5A1DF8573	3658876DDCA5A192047800C5E1C18A7E21DE0514C460381D9AB6F9A1DB027B0B
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0	data	5E8EEF61EBFEECD21607802CBAF93D5D	A487E20CA55055D7CA7677D153000FB1FE57C2BE	81F4B00A93245E7ADAB673CE71D300C2DFBAAD1AFB4C597546A5B2FF72145698
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0	data	08F88D5C3B37319BC23791824BFF2C4D	15BAA791960CBDD6DB3648AB1F543E8A43BCCA74	6FB9114B36F0AFDF9658B779198503DB27C4280A5C67EDFE59377BFA189A9EAC
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0	data	08BCAF73D8AA8CDE8D079C60773B92D3	10B9A1FD679549D594B449700493C25FC4D009ED	D524D68ADCED3AD2093E7C5474D085537354C7ACADAC6754671C492D9ACF31CD
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0	data	14BBB5B5F9E24FD455940F340C56C707	8364053D636C2A2DD6AE2230D6D1DC33DF3B6B93	03C68052ED79C15B2DDA99A9F4A16FF66440DDF5FCEA600EF026E16AFE79B9C4
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0	data	4497C83A014AC57DD6FBFF43ECA23D24	968B8B380C0CDC255841D5926EDBDFDFE0B7245A	C6C6FBAACE16EA60B4604A10DD707EDB1D7C1B803774479B170BF82369317874
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0	data	20784B0F65C8B20882A5BEB4EF4157BE	97AC55B57356C1BF6B67DFE628F713CD1D8DF224	54D74515B8C7C0C5645F035094C36D51E87DE2D21ACFD210B26C4CC7125D853F
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0	data	3084EBAC6615F43586D310C9699FBC59	14C7D52CDA7EFFC4E162443982F2794B3A2440DE	2F331D58D5ED5DCED135FB6FC0CEA4183B521280F909B3DD1DDFB0061A4FD0E0
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0	data	A8B586FD35465C1EFC5561E14B8912B2	62192B5E50A6499FE2E8D66972AD85FE8FA7525D	5B6583636357E91F44A0AF758C19900814B35F0BE00E3CA34D7CC938EE8BEFD3
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0	data	58919786C14177599661FC853A1C0B8C	9E112C8D2D37BD57321D4C7A2819BEC94A66F09A	F2D9D7FA185BB471B02CC0E93C3D079A3644F051E57C1986287F3F82002129AC
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0	data	6A5AD39C831C62B20DEB2BF5A5700AF1	4365C7D0DE35F662E55373E505D07BCE5072F56C	A1FFA380C48CF7D0517AADBF0EF6ECB230DB5062F51FF8541424BFA570C82648
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0	data	9C78C7DEF755C0BFF6D33A0C45125DEE	F31535749417ED441433E51484F92087E2E68A71	4BC2DCAEE03E5DD5103AB14E3E28F741771789C0EE4CE245C80D41B4404166DC
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0	data	CD1B8357F473652A4178283A5A7DDFCF	74487EAE347D230E05CD716712DCF905626590FC	10CA69663AE712C239970829838E15C72FD505FE6970A8108094507793F3C2BA
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0	data	B0ADAADBFC713426ABB015F146E43BFC	40EFCA64335561553C6234634C8AF4346E93C18A	4084D70C2139035390B49B4B283A2B31DBAFD2B64E97ABFA3573AC27306F1D9D
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0	data	3D5ECCFA12C785EC6BA8F01E0E82AC88	B4997997273A3989CDA79A50E694ECCD7F429DBD	B073C64F602B3DD8B40FDA5F0C7B070E03CF864426F3025F259AB5F57EEC0FAE
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0	data	31A8DC89520045154FB04C9803B9E9E8	BA2E29A6C04FFE9F155DEE5250D25111BCBFB0AF	3EE8ECEBD1F6051B9BF10F1FC79573B33C5DD49F2B2CD859D71320C63331C51A
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0	data	D33F818DA456840F5FC00533B3801BCA	40C1569B7271157B7CFB8FC6CD807050257AF7E3	E8BD5A4FC6D32EDC1A6A0ABF159040EF009B0AB08BE72D33DF4B9D2D18FD03A6
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0	data	2EC300B2AD6692B7823CCC6A4C086305	C9A9AE9FCB5CBDC6CCD1CDE60428DF184C932DFC	C19B0EA72C580D583A5FB5358AF0DC5FCD542E7D2F82223FA6857FC05A0EEEA0
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0	data	1CA2A89CC914A749519CDEB13F3E90CF	168D9051EC84C7B02E1CD0815871A337E314FD4B	EDDAEB2B67C1D638CE9494AC8F643052CCB79A34C57F0187FE02EA944026AD79
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0	data	5BD3D78E7A02514410CC22933AB599AC	66C46E1BE79126AEF201D010358570830E69A82E	529FC945FDFE7D304D74D3B898AC8DC36C86207549A49E5F400F0F76AD08E48B
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0	data	DE872B8495CE2A814F5DFAA8EBCF68CC	B8ED59AA49CEA7B56C0A994E831AA501ED5B3E1E	0D3E6DD387FF371E49AD89D2AAAAF4C56085F806644CAD53BC81F8369BB79CA4
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0	data	51ADCB44242ED85598E855F74443F67E	310856E04DF917857A47A1EB2794D7E4FF78833B	E40DECEC0ADAA984022649E1A19C7C58D676A90A809C04D8B68CBF238545711E
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index	data	267310602D3E672C77161AE5CE186774	BA078DBA8F2F63C21615A3AA8BF48098B5D4C636	D8B3A83C1E838D9C6634AD81B428355F1CF8D54B51CF9C5649BFCC0716AE3434
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index (copy)	data	267310602D3E672C77161AE5CE186774	BA078DBA8F2F63C21615A3AA8BF48098B5D4C636	D8B3A83C1E838D9C6634AD81B428355F1CF8D54B51CF9C5649BFCC0716AE3434
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG	ASCII text	78667E13EC98F2D3F3F385686FFD6A68	5972359AC6596A194E0D5BE1AF638E19EED21983	FE5E66D93DA4608F0310FAAB5C2B8CE7B9CEB7E6BEF352E7C04DB1BED9B8BBB5
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)	ASCII text	78667E13EC98F2D3F3F385686FFD6A68	5972359AC6596A194E0D5BE1AF638E19EED21983	FE5E66D93DA4608F0310FAAB5C2B8CE7B9CEB7E6BEF352E7C04DB1BED9B8BBB5
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links	data	28C3F901AA5AC270CCAB75AA191F3258	5D399FD68F093714478F4E722E6432F2F242EC89	7C8E9508FC031C0B9B0EF7AA2AC874A1C14DE506A9AA035917F03E6CA1D3480D
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-210915222946Z-40327686.bmp	PC bitmap, Windows 3.x format, 107 x -152 x 32	5AF1248C364B5E5A7C5CCA2456F525D4	5AB48975345257E4C19354DD8E5CF6983DA8163C	6F1C5DC0829DFC095039477308B637A595247D05D2AED39B2CB73EB857844F8C
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages	SQLite 3.x database, last written using SQLite version 3024000	47D0C8FD68FC391882B01FF51DE3D655	09836FA75AAD6CE03EA1A72BAEBCDDF1711E7788	195B16DEAEE0721CA2EE7DD99727D7B19971C6C1199B7304D44B791EB79D1B4A
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal	data	3155D282C551364330A2E1AF6641472B	21CEFF89835F3129A5F300C960D0737F67DBB9A6	3FD705C1696B9DA8339DF6BD1E9211684E379E05DEB5704B11B069CB1551F197
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.6472	PostScript document text	A2C6972A1A9506ACE991068D7AD37098	BF4D2684587CF034BCFC6F74CED551F9E5316440	0FB687D20C49DDBADD42ABB489C3B492B5A1893352E2F4B6AA1247EFE7363F65
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst (copy)	PostScript document text	A2C6972A1A9506ACE991068D7AD37098	BF4D2684587CF034BCFC6F74CED551F9E5316440	0FB687D20C49DDBADD42ABB489C3B492B5A1893352E2F4B6AA1247EFE7363F65
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin	data	16AD42956974EDDF54B46D46A4842389	14B8B2766B03C75ECC2E7E23486A9C3DE79B70A7	676E321304B578ACF0B13EC195513DD13082BD5D05DFDD93E472A192B9C0794C
C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R1vhrw39_3n1fzc_4zs.tmp	PDF document, version 1.6	134E3453FE72599B85F7552E884C266E	CBD14D65B0D7A105445135AE406B36BFF6AFB17C	108D90C9B8A4FDAE00D927D69B84CCA7363C8324979D68E5367529FE01B2850C
C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9Rgq07pf_3n1fzb_4zs.tmp	PDF document, version 1.6	B01477BD1F7F217A620BA15AEB121365	6A1A8F97C88739155879B82BF215DA2BA2FE05FE	1C484250E029237C7DE297E2350EA9994114FE19DE89A3CF780ED0AD9877FA97
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store	data	6F38F14E77DF75FA9F80D6992EBA2696	2BA35DD62CFED5B2296FABFA2217CB8DD48EA077	32C72D5DA9604B3FF32313FD668569C8C0E3A322455250F2CC42902311D22CA7
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei	MS Windows COFF PA-RISC object file	B599DD635EAE66871D72628C338FFD2E	1BE4576BC60D3B71D13D168D5114F055B857AD96	EF6D091DD5EA8E09D10D5D03586E4CC14E4A1714C2EBA04C5D32720BB7BA2B69

Windows Analysis Report 8795156_490162680Email_Correspondence.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

HIPS / PFW / Operating System Protection Evasion:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private