4a291367f58f25aa89ae85e93b5b893b454bb3a5e64690f1bd615bdf4c7b228f

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 13:01

Target

708c2015b4da861c69260cfcf4547b34.pdf
Size

31KB
MD5

708c2015b4da861c69260cfcf4547b34
SHA1

d7f01d9a0abd1c3e8823b9b6b810a8aab683a094
SHA256

4a291367f58f25aa89ae85e93b5b893b454bb3a5e64690f1bd615bdf4c7b228f
SHA512

b4788a86cfc56c24ab6818f9d1595a022c0df83dee99830c182cfe52f2766a2baf05c1a1f81ec84cea21516ad5223955e853fe7c731a384788a29a5c7c6d737c
SSDEEP

192:WysNHKsgEgEj/GiijAmms6dji4ANQF0vp6JXbptl25z1PHrIYAMz4E+:WysN0VOeLDAMz4E+

Score

1^/10

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2960	2432	AcroRd32.exe	28
PID 2432 wrote to memory of 2960	2432	AcroRd32.exe	28
PID 2432 wrote to memory of 2960	2432	AcroRd32.exe	28
PID 2432 wrote to memory of 2960	2432	AcroRd32.exe	28
PID 2432 wrote to memory of 2960	2432	AcroRd32.exe	28
PID 2432 wrote to memory of 2960	2432	AcroRd32.exe	28
PID 2432 wrote to memory of 2960	2432	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\708c2015b4da861c69260cfcf4547b34.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 -s C:\Users\Admin\AppData\Local\Temp\wpbt0.dll
  2⤵
  PID:2960

C:\Users\Admin\AppData\Local\Temp\wpbt0.dll

Filesize
15KB

MD5
0fb684cc15d197c0b937e5528359d7c8

SHA1
7d963246f52f42012bdcddb31214283c84c954ed

SHA256
e767d70fc57483aae7a20cb094a9bfc1fd4f04e97fb772cd6892d057e5be4260

SHA512
c40335f72f802479dc0926704d87670a782362fedae5bb50179d427fc343c6a33cfe09f4640acb15624d1511d3d66f76d87f663f9ad430fc2ddb00c54056103c

Download Submit
memory/2432-0-0x0000000003C30000-0x0000000003CA6000-memory.dmp

Filesize
472KB

Download
memory/2432-3-0x0000000001160000-0x0000000001161000-memory.dmp

Filesize
4KB

Download
memory/2432-10-0x0000000001160000-0x0000000001161000-memory.dmp

Filesize
4KB

Download