SAI253- 44766140.pdf
This report is generated from a file or URL submitted to this webservice on August 23rd 2018 16:41:54 (UTC) and action script Heavy Anti-Evasion
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v8.10 © Hybrid Analysis
Incident Response
MITRE ATT&CK™ Techniques Detection
Indicators
-
Informative 6
-
External Systems
-
Sample was identified as clean by Antivirus engines
- details
- 0/33 Antivirus vendors marked sample as malicious (0% detection rate)
- source
- External System
- relevance
- 10/10
-
General
-
Contains object with compressed stream data
- details
- details too long to display
- source
- Static Parser
- relevance
- 10/10
- ATT&CK ID
- T1207
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\Local\Acrobat Instance Mutex"
"\Sessions\1\BaseNamedObjects\DBWinMutex"
"\Sessions\1\BaseNamedObjects\Local\_!MSFTHISTORY!_"
"\Sessions\1\BaseNamedObjects\Local\c:!users!%OSUSER%!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
"\Sessions\1\BaseNamedObjects\Local\c:!users!%OSUSER%!appdata!roaming!microsoft!windows!cookies!"
"\Sessions\1\BaseNamedObjects\Local\c:!users!%OSUSER%!appdata!local!microsoft!windows!history!history.ie5!"
"\Sessions\1\BaseNamedObjects\Local\WininetStartupMutex"
"\Sessions\1\BaseNamedObjects\Local\WininetConnectionMutex"
"\Sessions\1\BaseNamedObjects\Local\WininetProxyRegistryMutex"
"Local\Acrobat Instance Mutex"
"Local\WininetConnectionMutex"
"DBWinMutex"
"IESQMMUTEX_0_208"
"Local\c:!users!%OSUSER%!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
"Local\WininetProxyRegistryMutex"
"Local\_!MSFTHISTORY!_"
"Local\c:!users!%OSUSER%!appdata!roaming!microsoft!windows!cookies!"
"RasPbFile"
"Local\c:!users!%OSUSER%!appdata!local!microsoft!windows!history!history.ie5!"
"{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagEJHCIKJGMEIAAAAA"
- source
- Created Mutant
- relevance
- 3/10
-
PDF contains no significant text data on the first page(s)
- details
- The input has no visible characters on the first 3 page(s)
- source
- Static Parser
- relevance
- 5/10
-
Scanning for window names
- details
-
"AcroRd32.exe" searching for window "_AcroAppTimer"
"AcroRd32.exe" searching for class "AdobeAcrobatSpeedLaunchCmdWnd"
"AcroRd32.exe" searching for class "AdobeReaderSpeedLaunchCmdWnd"
"AcroRd32.exe" searching for class "Acrobat Instance Window Class"
"AcroRd32.exe" searching for class "ACROSEMAPHORE_R11"
"AcroRd32.exe" searching for class "JFWUI2"
- source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1010
-
Installation/Persistence
-
Dropped files
- details
-
"A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" has type "data"
"48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" has type "data"
- source
- Binary File
- relevance
- 3/10
-
File Details
SAI253- 44766140.pdf
- Filename
- SAI253- 44766140.pdf
- Size
- 1024KiB (1048361 bytes)
- Type
- Description
- PDF document, version 1.4
- Document author
- Oracle Reports
- Document creator
- Oracle11gR1 AS Reports Services
- Document producer
- Oracle PDF driver
- Document title
- name
- Document pages
- 3
- Architecture
- WINDOWS
- SHA256
- 8c071900e9731dc9cee25ab7a21ec604fcf746247561d1e06c1e9930fd8697f0
- MD5
- 51926536f965d0c703ee8b1dfa56e8b6
- SHA1
- e0a2c603235b486257d05c29efb67c5cfd5123cb
Classification (TrID)
- 100.0% (.PDF) Adobe Portable Document Format
Screenshots
Hybrid Analysis
Analysed 1 process in total.
- AcroRd32.exe "C:\SAI253-44766140.pdf" (PID: 2124)
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Strings
Extracted Files
-
Informative 2
-
A9B8213768ADC68AF64FCC6409E8BE414726687F.crl
- Size
- 37KiB (37738 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 2124)
- MD5
- eb3e7c0d28537e2662c1bc2795b26eb9
- SHA1
- 3bfbc57934740c491eaeeeb3a6dcd7ff295912b3
- SHA256
- 37174acf10a8a6b39cc7afb4ef77689001acf0b420c760d12739e667569e4fbe
-
48B76449F3D5FEFA1133AA805E420F0FCA643651.crl
- Size
- 1KiB (1073 bytes)
- Type
- data
- MD5
- cbb08ba4ff75a8e56e1d1d8f5f7733e2
- SHA1
- cd88afd55a8232ca96638e63393ca290e173b4c2
- SHA256
- 2f8e5075d1ed7322b95c00cda2ff7502acfdfa1471eedb0eb5e89fb32d44d9e3
-