30b05ea1b5f3788983f795db8d327e4b464958f63dc2dfc2a3b30858de5d0da2

Analysis

max time kernel
117s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 09:55

Target

6552404ecf6eebce940f6bb57b3c60ff.pdf
Size

9KB
MD5

6552404ecf6eebce940f6bb57b3c60ff
SHA1

21afdabc4bbfe7eeeacd2d741e75715b01201253
SHA256

30b05ea1b5f3788983f795db8d327e4b464958f63dc2dfc2a3b30858de5d0da2
SHA512

a8196ffc4eb4dd228c4458e9987b7ea24afe5ab70339a459eeb307b6af640a2cc07fdac289abcf7892b486b499559706c7f2a9d5c9382f4343ccf0bc834479ba
SSDEEP

192:F3hzajYywAO9G+/vqvQNi/60un/TEI4hVDk2G+IkxDbufs1V9+jE:dhzazwAO9GiUQi/60G7x4hdD7IEbuU97

Score

1^/10

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 2128	1340	AcroRd32.exe	29
PID 1340 wrote to memory of 2128	1340	AcroRd32.exe	29
PID 1340 wrote to memory of 2128	1340	AcroRd32.exe	29
PID 1340 wrote to memory of 2128	1340	AcroRd32.exe	29
PID 1340 wrote to memory of 2128	1340	AcroRd32.exe	29
PID 1340 wrote to memory of 2128	1340	AcroRd32.exe	29
PID 1340 wrote to memory of 2128	1340	AcroRd32.exe	29

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\6552404ecf6eebce940f6bb57b3c60ff.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 -s C:\Users\Admin\AppData\Local\Temp\wpbt0.dll
  2⤵
  PID:2128

C:\Users\Admin\AppData\Local\Temp\wpbt0.dll

Filesize
1KB

MD5
25e5962d6455f224412560450b444a55

SHA1
67d09d106b5a3d71b616c2b820181a7b72fc5705

SHA256
636b745ffa945334fc8bd552db3b3f8fec331ec4b3334045dc0a8385b54045c1

SHA512
f016ca7d73f222f4a7c4d3ad41585508529e2d66e1586772c6fc173f2adb92403124377a82bf9dcd71268b323b87b1f338a1b08b99cb37cc50267123d9e6b7c9

Download Submit
memory/1340-0-0x0000000003670000-0x00000000036E6000-memory.dmp

Filesize
472KB

Download
memory/1340-3-0x00000000020A0000-0x00000000020A1000-memory.dmp

Filesize
4KB

Download
memory/1340-10-0x00000000020A0000-0x00000000020A1000-memory.dmp

Filesize
4KB

Download