File name: Subscription Intern Overview Deck (student).pdf

Full analysis: https://app.any.run/tasks/44762a64-b409-4956-bdf1-7d88a1f301b5
Verdict: Malicious activity
Analysis date: June 25, 2024, 20:31:52
OS: Ubuntu 22.04.2
Tags: generated-doc
MIME: application/pdf
File info: PDF document, version 1.3
MD5: D5EC90523D40B18E7000388062B44503
SHA1: 2FE1F2C5F6176E2AA914142298662A4D2E5980B5
SHA256: 61538A4DE575A5005BE3210AD390644A54B49530A66B8810108CEC8D045E8AEB
SSDEEP: 98304:GQHSIfMistEFpnCJ3on8tQ1bIrMWzIn//pbY08n3os19ml2HnuJjiCXbAwLZz61+:ZM8eod

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.pdf | Adobe Portable Document Format (100)

EXIF

PDF

Linearized: No
PageCount: 11
PDFVersion: 1.4
TaggedPDF: Yes
Title: Subscription Intern Overview Deck (student)
Producer: macOS Version 10.15.6 (Build 19G73) Quartz PDFContext
Creator: Keynote
CreateDate: 2024:06:10 04:39:16Z
ModifyDate: 2024:06:10 04:39:16Z
No data.
All screenshots are available in the full report
Total processes: 227
Monitored processes: 14
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Processes in the graph (all marked "no specs"): sh, file, sh, sudo, evince, locale-check, dbus-daemon, evinced, systemctl (6 instances)

Process information

PID: 12931
CMD: sh -c "file --mime-type \"/tmp/Subscription Intern Overview Deck (student)\.pdf\""
Path: /bin/sh
Parent process: any-guest-agent
User: root
Integrity Level: UNKNOWN
Exit code: 0

PID: 12932
CMD: file --mime-type "/tmp/Subscription Intern Overview Deck (student)\.pdf"
Path: /usr/bin/file
Parent process: sh
User: root
Integrity Level: UNKNOWN
Exit code: 0

PID: 12933
CMD: /bin/sh -c "DISPLAY=:0 sudo -iu user evince \"/tmp/Subscription Intern Overview Deck (student)\.pdf\" "
Path: /bin/sh
Parent process: any-guest-agent
User: user
Integrity Level: UNKNOWN

PID: 12934
CMD: sudo -iu user evince "/tmp/Subscription Intern Overview Deck (student)\.pdf"
Path: /usr/bin/sudo
Parent process: sh
User: user
Integrity Level: UNKNOWN

PID: 12935
CMD: evince "/tmp/Subscription Intern Overview Deck (student)\.pdf"
Path: /usr/bin/evince
Parent process: sudo
User: user
Integrity Level: UNKNOWN

PID: 12936
CMD: /usr/bin/locale-check C.UTF-8
Path: /usr/bin/locale-check
Parent process: evince
User: user
Integrity Level: UNKNOWN
Exit code: 0

PID: 12941
CMD: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
Path: /usr/bin/dbus-daemon
Parent process: dbus-daemon
User: user
Integrity Level: UNKNOWN
Exit code: 482

PID: 12942
CMD: /usr/libexec/evinced
Path: /usr/libexec/evinced
Parent process: dbus-daemon
User: user
Integrity Level: UNKNOWN

PID: 12967
CMD: systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service
Path: /usr/bin/systemctl
Parent process: snapd
User: root
Integrity Level: UNKNOWN
Exit code: 482

PID: 12968
CMD: systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service
Path: /usr/bin/systemctl
Parent process: snapd
User: root
Integrity Level: UNKNOWN
Exit code: 482
Executable files: 0
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID: 12935
Process: evince
Filename: /home/user/.local/share/recently-used.xbel
Type: xml
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 7
DNS requests: 8
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
 | | 156.146.33.141:443 | odrs.gnome.org | Datacamp Limited | DE | unknown
470 | avahi-daemon | 224.0.0.251:5353 | | | | unknown
485 | snapd | 185.125.188.55:443 | api.snapcraft.io | Canonical Group Limited | GB | malicious
485 | snapd | 185.125.188.59:443 | api.snapcraft.io | Canonical Group Limited | GB | unknown

DNS requests

Domain
IP
Reputation
odrs.gnome.org
unknown
api.snapcraft.io
  • 185.125.188.55
  • 185.125.188.54
  • 185.125.188.59
  • 185.125.188.58
unknown
128.100.168.192.in-addr.arpa
unknown
connectivity-check.ubuntu.com
unknown

Threats

No threats detected
No debug info