f05b3784fa03728a61f473738db94bc7d6588b80e97daaf9134492f63e637315

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 22:56

Target

1f2722819e9c8ae5170920085f2c7761.pdf
Size

16KB
MD5

1f2722819e9c8ae5170920085f2c7761
SHA1

3850b1e6040a8df9c7d6244b8722c381be5111b5
SHA256

f05b3784fa03728a61f473738db94bc7d6588b80e97daaf9134492f63e637315
SHA512

c4858e46f331762841e471e68180b050ae371fa8ac87a204abdb993659662cd288e56dc75495e4cd96a35a9cebbbfe385d6d73c8fd15a2538f6645b2f0cd66eb
SSDEEP

384:4ONyCeewIjJizpzVoA6iJubGrTjTdjIJJehLQJu7wbgHs5oxhxuAfSSS1oYS1Sbs:kzVV6iJVDhjIJPAVfjgMNFrp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2892	3036	WerFault.exe	27

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2892	3036	AcroRd32.exe	28
PID 3036 wrote to memory of 2892	3036	AcroRd32.exe	28
PID 3036 wrote to memory of 2892	3036	AcroRd32.exe	28
PID 3036 wrote to memory of 2892	3036	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1f2722819e9c8ae5170920085f2c7761.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 756
  2⤵
  - Program crash
  PID:2892

memory/3036-0-0x0000000003EB0000-0x0000000003F26000-memory.dmp

Filesize
472KB

Download