38b18ec93db307f717f0f2be86137fffee6a0d4a7cdee106374a1524cbd43284

Analysis

max time kernel
120s
max time network
178s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 01:09

Target

481040a1c7ae34ab74af5eac3473bde8.pdf
Size

13KB
MD5

481040a1c7ae34ab74af5eac3473bde8
SHA1

b2627e6de6526dadbedbf721f7190d917aa7c8c9
SHA256

38b18ec93db307f717f0f2be86137fffee6a0d4a7cdee106374a1524cbd43284
SHA512

6d0854ab6c59100c03411ab541a36db0d365dfb7f6d7aa14b5d13f9755cab0f1ee497b62e3147cd3383c17708b4d7fc3db95709ecbd8911cedb03170d2745d07
SSDEEP

384:shzaNwAO9GiM5fdtttFWQi/60G78s4djN:khZGiM5fdtttFWQC6d8si

Score

1^/10

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2904	2060	AcroRd32.exe	31
PID 2060 wrote to memory of 2904	2060	AcroRd32.exe	31
PID 2060 wrote to memory of 2904	2060	AcroRd32.exe	31
PID 2060 wrote to memory of 2904	2060	AcroRd32.exe	31
PID 2060 wrote to memory of 2904	2060	AcroRd32.exe	31
PID 2060 wrote to memory of 2904	2060	AcroRd32.exe	31
PID 2060 wrote to memory of 2904	2060	AcroRd32.exe	31

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\481040a1c7ae34ab74af5eac3473bde8.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 -s C:\Users\Admin\AppData\Local\Temp\wpbt0.dll
  2⤵
  PID:2904

C:\Users\Admin\AppData\Local\Temp\wpbt0.dll

Filesize
2KB

MD5
d8b6f29f91c180b29e26c6ed0d17f11f

SHA1
4bbd89d380556ab578c57ea81f7ba51263d530b8

SHA256
212ad0074a3867f0c24b7db4afd2efb6a1cfff97255c136170ee6856d6508aa7

SHA512
287eb486e68bcd34a7f654c12e163e1a143675c345d1ff040e44c404c79ee51384067c42a5feb7634865e636473b7dec4610a88e4d862afe7bd6483f74c3d663

Download Submit
memory/2060-0-0x00000000037F0000-0x0000000003866000-memory.dmp

Filesize
472KB

Download
memory/2060-3-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/2060-10-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download