File name:

The Art of Memory Forensics - Detecting Malware and Threats in Windows, Linux, and Mac Memory.pdf

Full analysis: https://app.any.run/tasks/be1016f3-6ebd-42a8-959a-70004fc04b5b
Verdict: Malicious activity
Analysis date: May 31, 2024, 19:06:11
OS: Ubuntu 22.04.2
MIME: application/pdf
File info: PDF document, version 1.6, 7 pages
MD5: 158AAFA797D1ED82C0F51DD72E18EE06
SHA1: 5478DBBA79D3A035EAE05D767D82EB8BC8A109BA
SHA256: 3CABD2914A61EE8FC7AA1F1B1816C72F20B39A86AABDAF31138F4508A766F099
SSDEEP: 98304:zM8RMkKFKO0UtX48t38hafMJCSbdnJeaSdDPY+EfO8ZU4t5sAG6rSQKq0yRhJ1Ps:CcfrrG/BXmM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.pdf | Adobe Portable Document Format (100)

EXIF

PDF

PDFVersion: 1.6
Linearized: No
Author: Michael Hale Ligh
CreateDate: 2014:07:16 00:34:59Z
Creator: www.it-ebooks.info
EBX_PUBLISHER: John Wiley & Sons, Inc.
ModifyDate: 2014:08:21 18:58:03+04:00
Producer: www.it-ebooks.info
Title: The Art of Memory Forensics
Trapped: -
WwwIt-ebooksInfo: {6F114860-FA26-42C9-B26F-48EC50C4FBE9}
Keywords: www.it-ebooks.info
Subject: www.it-ebooks.info
PageLayout: SinglePage
PageMode: UseNone
PageCount: 914

XMP

XMPToolkit: Image::ExifTool 9.60
Creator: www.it-ebooks.info
Format: application/pdf
Subject: www.it-ebooks.info
Title: The Art of Memory Forensics
Keywords: www.it-ebooks.info
Producer: www.it-ebooks.info
Trapped: -
EbxPublisher: John Wiley & Sons, Inc.
CreateDate: 2014:07:16 00:34:59Z
CreatorTool: Adobe InDesign CS6 (Macintosh)
MetadataDate: 2014:07:19 15:06:43+01:00
ModifyDate: 2014:07:19 15:06:43+01:00
DocumentID: uuid:94451eb0-2cad-4a2f-b354-e5f6e3b97f9a
InstanceID: uuid:832490bd-7bee-4f25-ab45-8e851411e887
No data.
All screenshots are available in the full report
Total processes: 217
Monitored processes: 5
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Process chain (from the parent-process column below): start → sh (no specs) → sudo (no specs) → evince (no specs) → locale-check (no specs); dbus-daemon (no specs) runs separately under its own parent.

Process information

PID: 11955
CMD: /bin/sh -c "DISPLAY=:0 sudo -iu user evince \"/tmp/The Art of Memory Forensics - Detecting Malware and Threats in Windows, Linux, and Mac Memory\.pdf\" "
Path: /bin/sh
Indicators: none
Parent process: any-guest-agent
User: user
Integrity Level: UNKNOWN

PID: 11956
CMD: sudo -iu user evince "/tmp/The Art of Memory Forensics - Detecting Malware and Threats in Windows, Linux, and Mac Memory\.pdf"
Path: /usr/bin/sudo
Indicators: none
Parent process: sh
User: user
Integrity Level: UNKNOWN

PID: 11957
CMD: evince "/tmp/The Art of Memory Forensics - Detecting Malware and Threats in Windows, Linux, and Mac Memory\.pdf"
Path: /usr/bin/evince
Indicators: none
Parent process: sudo
User: user
Integrity Level: UNKNOWN

PID: 11958
CMD: /usr/bin/locale-check C.UTF-8
Path: /usr/bin/locale-check
Indicators: none
Parent process: evince
User: user
Integrity Level: UNKNOWN
Exit code: 0

PID: 11963
CMD: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
Path: /usr/bin/dbus-daemon
Indicators: none
Parent process: dbus-daemon
User: user
Integrity Level: UNKNOWN
Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID: 11957
Process: evince
Filename: /home/user/.local/share/recently-used.xbel.EGTKO2
Type: (not shown in this export)
MD5: (not shown in this export)
SHA256: (not shown in this export)
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 7
Threats: 0

HTTP requests

No HTTP requests

Connections

PID / Process: (not shown in this export)
IP: 212.102.56.182:443
Domain: odrs.gnome.org
ASN: Datacamp Limited
CN: DE
Reputation: unknown

PID: 470
Process: avahi-daemon
IP: 224.0.0.251:5353
Domain / ASN / CN: (not shown in this export)
Reputation: unknown

PID / Process: (not shown in this export)
IP: 185.125.188.55:443
Domain: api.snapcraft.io
ASN: Canonical Group Limited
CN: GB
Reputation: unknown

DNS requests

odrs.gnome.org (reputation: unknown)
  • 212.102.56.182
  • 195.181.170.18
  • 156.146.33.138
  • 195.181.175.40
  • 156.146.33.15
  • 212.102.56.179
  • 195.181.175.16
  • 156.146.33.141
  • 2a02:6ea0:c700::11
  • 2a02:6ea0:c700::21
  • 2a02:6ea0:c700::101
  • 2a02:6ea0:c700::10
  • 2a02:6ea0:c700::18
  • 2a02:6ea0:c700::17
  • 2a02:6ea0:c700::19
  • 2a02:6ea0:c700::22

api.snapcraft.io (reputation: unknown)
  • 185.125.188.55
  • 185.125.188.59
  • 185.125.188.54
  • 185.125.188.58

6.100.168.192.in-addr.arpa (reputation: unknown; no IPs listed)

connectivity-check.ubuntu.com (reputation: unknown)
  • 2620:2d:4000:1::2b
  • 2620:2d:4000:1::22
  • 2001:67c:1562::23
  • 2001:67c:1562::24
  • 2620:2d:4000:1::23
  • 2620:2d:4000:1::2a
  • 2620:2d:4002:1::198
  • 2620:2d:4002:1::197
  • 2620:2d:4002:1::196
  • 2620:2d:4000:1::96
  • 2620:2d:4000:1::98
  • 2620:2d:4000:1::97

Threats

No threats detected
No debug info