24108d503584316be33ee2d5fa201419e9d7d7d3535bcc663b7790645225cc72

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 19:11

Target

24108d503584316be33ee2d5fa201419e9d7d7d3535bcc663b7790645225cc72.pdf
Size

122KB
MD5

57f8e534080e35eb06a7572e443ada45
SHA1

a89da2cc5a905238658fd0f6f258a4545d06100f
SHA256

24108d503584316be33ee2d5fa201419e9d7d7d3535bcc663b7790645225cc72
SHA512

d697663acfe7758c5b82e5f422d1e1e26420c8f8831adc66aed5de0db0d407b9bc4a5364f663191c5853c3270aff78f4e549b154442e1bb34c78964d855ead49
SSDEEP

3072:Cg5EQ9cTp/rutqbSKOyuOYJDvXAJAhDvTRY3zbg:Cg5VcTp/qobSGyJD0AJrRY3zc

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
996	1376	WerFault.exe	22

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 996	1376	AcroRd32.exe	26
PID 1376 wrote to memory of 996	1376	AcroRd32.exe	26
PID 1376 wrote to memory of 996	1376	AcroRd32.exe	26
PID 1376 wrote to memory of 996	1376	AcroRd32.exe	26

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\24108d503584316be33ee2d5fa201419e9d7d7d3535bcc663b7790645225cc72.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 668
  2⤵
  - Program crash
  PID:996

memory/1376-54-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download