analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://leadtrainings.com/wp-content/uploads/2022/08/WOMEN_In_Leadership.pdf

Full analysis: https://app.any.run/tasks/0a2fa523-09a1-4214-8219-48cee0939893
Verdict: Malicious activity
Analysis date: October 05, 2022, 06:10:54
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

3D2729DD5BFB1CCE242FAC58DBF70BE8

SHA1:

7C393FCB66DB178A8C4317C21BB76B201D88D4A1

SHA256:

5DD5273EBBE5299B327AB6413C81A0B98A7AE33E7BEB96B239CF3506B3A2C643

SSDEEP:

3:N8AEnMGFVOlAQyXXueBDn:2AEMGFVOlAZnucn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3068)
      • AcroRd32.exe (PID: 3584)
      • RdrCEF.exe (PID: 2908)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
55
Monitored processes
14
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe acrord32.exe no specs acrord32.exe acrord32.exe no specs rdrcef.exe rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs adobearm.exe no specs reader_sl.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3068"C:\Program Files\Internet Explorer\iexplore.exe" "https://leadtrainings.com/wp-content/uploads/2022/08/WOMEN_In_Leadership.pdf"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2512"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3068 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
3512"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" /o /eo /l /b /id 2512C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeiexplore.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe Acrobat Reader DC
Exit code:
0
Version:
20.13.20064.405839
3584"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" /o /eo /l /b /id 2512C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
iexplore.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe Acrobat Reader DC
Version:
20.13.20064.405839
3676"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer /o /eo /l /b /id 2512C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeAcroRd32.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe Acrobat Reader DC
Version:
20.13.20064.405839
2908"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
AcroRd32.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Version:
20.13.20064.405839
3412"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1076,2275950775540890988,13522947872173288571,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4125977126452754979 --renderer-client-id=2 --mojo-platform-channel-handle=1196 --allow-no-sandbox-job /prefetch:1C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Version:
20.13.20064.405839
3492"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1076,2275950775540890988,13522947872173288571,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=16293948863974709238 --mojo-platform-channel-handle=1224 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Exit code:
1
Version:
20.13.20064.405839
1932"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1076,2275950775540890988,13522947872173288571,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=13543405114712312542 --mojo-platform-channel-handle=1392 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Exit code:
1
Version:
20.13.20064.405839
1436"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1076,2275950775540890988,13522947872173288571,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=11583764072510291502 --mojo-platform-channel-handle=1416 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Exit code:
1
Version:
20.13.20064.405839
Total events
24 505
Read events
24 312
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
115
Text files
9
Unknown types
10

Dropped files

PID
Process
Filename
Type
3068iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442der
MD5:6A9C9AAAD47A858879A5655B175825C8
SHA256:556C28AE4E43812B99A48D14E20D647BC6AF0F293429E3613C1ABCFBD249C16F
2512iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:2DAFDD62410AE7F34A2E7683C4D5FC03
SHA256:09F4F3C1D7C41BCA37606166D09C4861B494C45B7FB7A8D73985AA77E0FD0038
2512iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8677289FE65E575F289FA1A8ABA7F6B1binary
MD5:29B1022FF6BB1572960E657481ACBE27
SHA256:9D35D558120144A4F3B19B3A4922353E8462A4F19272D7E9E5F820DA1590D7CF
2908RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0binary
MD5:6E31311F149789CBC9B1135B8AF9FC12
SHA256:E123077CDC13293180131EC57E8F4740BCF9CDF3DE7F8F86BC652B065816D645
2512iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771der
MD5:AA6C1B3D503B045E9918EAC50C2859E2
SHA256:73E09C0D82004EDBB527F9767BB02481AD1D2814E0B913229084F6A5DF775B06
2512iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8677289FE65E575F289FA1A8ABA7F6B1der
MD5:7615F6D538C604DA3D3A453B3ABCBDCE
SHA256:E3789B1EE6B6AD973D8022762C28EEF53B53FAD7E70777DCC3BB0A8915B68312
2512iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771binary
MD5:BEA1EDC1826579E4E94B38075B257D96
SHA256:2F526834A70B60FE33241ED91A1DB2694ADC93A55070E435DFD09CDB71AA9A6E
2908RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0binary
MD5:8E71529CD65EC1366BF84FE4F65FFAE3
SHA256:C58CB354556A904BDC689F6D76017D2B847CEBBAA03E4CCFF9BA535C53196C13
3676AcroRd32.exeC:\Users\admin\AppData\Local\Adobe\Acrobat\DC\UserCache.binbinary
MD5:5C064A5281B95A3F5F8D29CAC2459BBF
SHA256:83C1B21F0F6A9AE60295A9318D3AD0B373A147CD6D7B6EC212183116FE262F0B
3068iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442binary
MD5:B6B3F6512FB5535B7EF3ACB79900010B
SHA256:617EB2ED4A4CE67F1814E10F0532651E79A05C11CDCAD05D3250E1BA70FA9A9C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
28
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2512
iexplore.exe
GET
200
192.124.249.41:80
http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D
US
der
1.69 Kb
whitelisted
2512
iexplore.exe
GET
200
192.124.249.41:80
http://ocsp.godaddy.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCAE1AknHvX72
US
der
1.74 Kb
whitelisted
3068
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D
US
der
1.47 Kb
whitelisted
2512
iexplore.exe
GET
200
192.124.249.31:80
http://crl.godaddy.com/gdig2s1-3978.crl
US
der
60.6 Kb
whitelisted
3584
AcroRd32.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D
US
der
471 b
whitelisted
2512
iexplore.exe
GET
200
67.27.234.126:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?324763103124cedb
US
compressed
4.70 Kb
whitelisted
2512
iexplore.exe
GET
200
67.27.234.126:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?39d2d4bbd71fb2f9
US
compressed
4.70 Kb
whitelisted
3068
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3068
iexplore.exe
131.253.33.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2512
iexplore.exe
160.153.138.217:443
leadtrainings.com
Host Europe GmbH
NL
malicious
3068
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
EDGECAST
GB
whitelisted
2512
iexplore.exe
67.27.234.126:80
ctldl.windowsupdate.com
LEVEL3
US
suspicious
2512
iexplore.exe
192.124.249.41:80
ocsp.godaddy.com
SUCURI-SEC
US
suspicious
192.168.100.2:53
whitelisted
2512
iexplore.exe
192.124.249.31:80
crl.godaddy.com
SUCURI-SEC
US
unknown
3068
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
EDGECAST
US
whitelisted
2908
RdrCEF.exe
23.35.236.137:443
geo2.adobe.com
AKAMAI-AS
DE
suspicious
2908
RdrCEF.exe
23.35.228.137:443
armmf.adobe.com
AKAMAI-AS
DE
suspicious

DNS requests

Domain
IP
Reputation
www.microsoft.com
whitelisted
leadtrainings.com
  • 160.153.138.217
unknown
ctldl.windowsupdate.com
  • 67.27.234.126
  • 67.27.235.126
  • 67.26.75.254
  • 67.27.233.126
  • 8.241.9.254
whitelisted
ocsp.godaddy.com
  • 192.124.249.41
  • 192.124.249.36
  • 192.124.249.24
  • 192.124.249.22
  • 192.124.249.23
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 131.253.33.200
  • 13.107.22.200
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
crl.godaddy.com
  • 192.124.249.31
  • 192.124.249.36
  • 192.124.249.41
whitelisted
geo2.adobe.com
  • 23.35.236.137
whitelisted
p13n.adobe.io
  • 52.5.13.197
  • 54.227.187.23
  • 23.22.254.206
  • 52.202.204.11
whitelisted

Threats

No threats detected
No debug info