e84fcb4980ba29bec4425981d3339e70b20c80516ad299f5f3f5c1d14e720155

Analysis

max time kernel
148s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
11-09-2022 06:34

Target

Digital forensics and incident response incident response techniques and procedures to respond to m.pdf
Size

67.6MB
MD5

4b05d8c40a8facdea608f8a5dba6cd06
SHA1

c4c27a817c6b63164d1de3e0889302b5d92c2d7d
SHA256

e84fcb4980ba29bec4425981d3339e70b20c80516ad299f5f3f5c1d14e720155
SHA512

2b016df3a9514ddeb9ea6dc84c5b5b26ef06890b3310f44ec694fcec5d94d38eddf152ab1ba490012ec47aa3282715cb74353378bca6416ff636c82ac781b9fc
SSDEEP

1572864:X2OPjqNkw83WJ12SzWsMWFNZjh5XLZZFYc9Hg4viub6:mO7qNklwASd9jh5VZ2c24quW

Score

1^/10

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

AcroRd32.exe

pid process

1200 AcroRd32.exe
1200 AcroRd32.exe
1200 AcroRd32.exe
1200 AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Digital forensics and incident response incident response techniques and procedures to respond to m.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1200

memory/1200-54-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

Filesize
8KB

Download