a0197278df66a0d861937f0228b4d8ef6d7c90a4a23bcf60452260f9a50ad5cf | Triage

Analysis

max time kernel
40s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
17-08-2022 16:00

Sharing

Report Analysis Logs

General

Target

400000.PTTEM CONTRACTS LK-39874672320.pdf.exe
Size

440KB
MD5

a3233dbeaea1f113696d9cfad791100e
SHA1

40b021c6ed88ef4ff3dd01bb0ae86606d54db86c
SHA256

a0197278df66a0d861937f0228b4d8ef6d7c90a4a23bcf60452260f9a50ad5cf
SHA512

55014633cb161e468b7551ed9d7e09c2d969a3a155484daff2a604d0af4e310096f1226cffb1a1455661b29d4ba80db71cdb078f1c5e73eed543afcbbdbb687a

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1476	1388	WerFault.exe	25

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1388	400000.PTTEM CONTRACTS LK-39874672320.pdf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 1476	1388	400000.PTTEM CONTRACTS LK-39874672320.pdf.exe	26
PID 1388 wrote to memory of 1476	1388	400000.PTTEM CONTRACTS LK-39874672320.pdf.exe	26
PID 1388 wrote to memory of 1476	1388	400000.PTTEM CONTRACTS LK-39874672320.pdf.exe	26
PID 1388 wrote to memory of 1476	1388	400000.PTTEM CONTRACTS LK-39874672320.pdf.exe	26

C:\Users\Admin\AppData\Local\Temp\400000.PTTEM CONTRACTS LK-39874672320.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\400000.PTTEM CONTRACTS LK-39874672320.pdf.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 188
  2⤵
  - Program crash
  PID:1476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads