Analysis
max time kernel: 3s
max time network: 9s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system
submitted: 22-10-2022 07:21
Behavioral task behavioral1
Sample: 0aa554e58704d5b912f4cc84e709b8b5021abb7d2fa9b783ce97c967cf966ddc.pdf
Resource: win7-20220901-en

Behavioral task behavioral2
Sample: 0aa554e58704d5b912f4cc84e709b8b5021abb7d2fa9b783ce97c967cf966ddc.pdf
Resource: win10v2004-20220901-en
General
Target: 0aa554e58704d5b912f4cc84e709b8b5021abb7d2fa9b783ce97c967cf966ddc.pdf
Size: 31KB
MD5: 40d1935b8e61ff7c35e2079895ebce2a
SHA1: 3ca13afd963c9f0dc48aab2bfb88b2e9a8a04499
SHA256: 0aa554e58704d5b912f4cc84e709b8b5021abb7d2fa9b783ce97c967cf966ddc
SHA512: 0e91d0eaa2368a6143c6149bd4ee8b1cf8a7dcb36f54a22059212d025da4201d3399b626876e56c145c982f4f49b3a77ee52cdb785ade321c2adbd307c9700a5
SSDEEP: 768:eZXFpwRaWGqZEnyX6E3IldBm7Ye50umIrv4X++SSE4JaW9V1BpqfkFn:KkRade50XI/+aIaWEf2

Malware Config

Signatures
Program crash (1 IoC)
Processes:
  pid   pid_target  process       target process
  1476  1816        WerFault.exe  AcroRd32.exe

Suspicious use of SetWindowsHookEx (3 IoCs)
Processes:
  pid   process
  1816  AcroRd32.exe
  1816  AcroRd32.exe
  1816  AcroRd32.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
  description                       pid   process       target process
  PID 1816 wrote to memory of 1476  1816  AcroRd32.exe  WerFault.exe
  PID 1816 wrote to memory of 1476  1816  AcroRd32.exe  WerFault.exe
  PID 1816 wrote to memory of 1476  1816  AcroRd32.exe  WerFault.exe
  PID 1816 wrote to memory of 1476  1816  AcroRd32.exe  WerFault.exe
Processes
1. C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (pid 1816)
   "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0aa554e58704d5b912f4cc84e709b8b5021abb7d2fa9b783ce97c967cf966ddc.pdf"
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\WerFault.exe (pid 1476, child of 1)
      C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 664
      - Program crash
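The three signatures in this run describe one event chain: AcroRd32.exe (pid 1816) opened the sample from the Temp directory, crashed, and launched WerFault.exe (pid 1476) with `-p 1816`; the four WriteProcessMemory hits are AcroRd32.exe writing into the WerFault.exe child it created, and the SetWindowsHookEx hits come from the reader's own GUI process. What a triage analyst wants from such a tree is the correlation "a document viewer crashed while opening the submitted document", which is a stronger signal than the individual signatures. The script below is an added example, not part of the sandbox report or its tooling: the event records are constructed from the pids and command lines shown above, and the field names (`pid`, `ppid`, `image`, `cmdline`), the viewer allowlist and the document extension list are this example's own assumptions. It parses WerFault's `-p` argument (the faulting pid; the other flags are not interpreted), resolves it against the process tree and emits a finding only when the faulting process is a known viewer that was handed a document path.

```python
"""Correlate WerFault.exe launches with the process that crashed.

Added example for the report above; not the sandbox's own code or export format.
"""
import re

# Events reconstructed from the report's process tree (constructed sample input).
# Field names are an assumption of this example, not the sandbox's schema.
PROCESS_EVENTS = [
    {"pid": 1816, "ppid": 0,
     "image": r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
     "cmdline": r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
                r'"C:\Users\Admin\AppData\Local\Temp\0aa554e58704d5b912f4cc84e709b8b5021abb7d2fa9b783ce97c967cf966ddc.pdf"'},
    {"pid": 1476, "ppid": 1816,
     "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 664"},
]

# Assumed allowlists: viewers whose crash-on-open is worth a finding, and the
# document extensions we treat as "the document being opened".
VIEWER_IMAGES = {"acrord32.exe", "acrobat.exe", "foxitreader.exe", "winword.exe", "excel.exe"}
DOC_EXTENSIONS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf")

_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def split_cmdline(cmdline):
    """Split a Windows command line on whitespace, keeping double-quoted paths whole."""
    return [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def werfault_target(cmdline):
    """Return the pid named by WerFault.exe's -p argument, or None if this is not a WerFault launch."""
    argv = split_cmdline(cmdline)
    if not argv or basename(argv[0]) != "werfault.exe":
        return None
    for i, tok in enumerate(argv[1:-1], start=1):  # stop before the last token so argv[i+1] exists
        if tok.lower() == "-p" and argv[i + 1].isdigit():
            return int(argv[i + 1])
    return None


def document_argument(cmdline):
    """First argument (after the image) that looks like a document path, or None."""
    for arg in split_cmdline(cmdline)[1:]:
        if arg.lower().endswith(DOC_EXTENSIONS):
            return arg
    return None


def triage(events):
    """Emit one finding per WerFault launch whose faulting process is a viewer opening a document."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for ev in events:
        target = werfault_target(ev["cmdline"])
        if target is None:
            continue
        faulting = by_pid.get(target)
        if faulting is None:
            continue  # reporter for a process the trace never recorded: nothing to correlate
        image = basename(faulting["image"])
        doc = document_argument(faulting["cmdline"])
        if image not in VIEWER_IMAGES or doc is None:
            continue
        findings.append({
            "faulting_pid": target,
            "faulting_image": image,
            "document": doc,
            "reporter_pid": ev["pid"],
            # True when the crashing process launched WerFault itself (as in the tree above),
            # which also explains the parent-to-child WriteProcessMemory hits.
            "self_spawned": ev["ppid"] == target,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(PROCESS_EVENTS):
        print(f"{finding['faulting_image']} (pid {finding['faulting_pid']}) crashed opening "
              f"{finding['document']}; reported by WerFault pid {finding['reporter_pid']}")
```

Run against a real trace, the same logic should be fed every process-creation event of the run, and the finding should be weighted by how soon after the document was opened the crash occurred; a crash within the first seconds of a short run, as here, is the case worth a closer look at the PDF itself.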