22ef61c9b87c08379e03bc05742a5e493acba3b6d32083fa41ba500781fb81ab

Analysis

max time kernel
139s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 20:40

Target

1c046073b7db5f8cebb00c7cd0edf843.pdf
Size

13KB
MD5

1c046073b7db5f8cebb00c7cd0edf843
SHA1

0a5102b252fbc7b5c1906599ea477bc9a6a631a6
SHA256

22ef61c9b87c08379e03bc05742a5e493acba3b6d32083fa41ba500781fb81ab
SHA512

5d8cc22da3587729e3b19790f93063b8fbed9cc09539a3ebea7cdc5a14164520bbad23ec27b962361b3ec7d6bc5226edff41659a6e160a42be056a74981304aa
SSDEEP

192:rQhzajYqwAO9G+/vvTs7hXbfym4GJVbBftJy/suiXI0vvQNi/60un/T8qvROdjzJ:shzaNwAO9GiM5fdtttbQi/60G78s4djN

Score

1^/10

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2676	2988	AcroRd32.exe	28
PID 2988 wrote to memory of 2676	2988	AcroRd32.exe	28
PID 2988 wrote to memory of 2676	2988	AcroRd32.exe	28
PID 2988 wrote to memory of 2676	2988	AcroRd32.exe	28
PID 2988 wrote to memory of 2676	2988	AcroRd32.exe	28
PID 2988 wrote to memory of 2676	2988	AcroRd32.exe	28
PID 2988 wrote to memory of 2676	2988	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1c046073b7db5f8cebb00c7cd0edf843.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 -s C:\Users\Admin\AppData\Local\Temp\wpbt0.dll
  2⤵
  PID:2676

C:\Users\Admin\AppData\Local\Temp\wpbt0.dll

Filesize
2KB

MD5
da336aef7c5e6a3203eae4b5507ece7a

SHA1
f1dc01637705aee190457b83146a1947e6ce5e61

SHA256
b2f79edec24e2f8a0d54ff4cace97e5ec106e15559616dbe94449b3fd4224686

SHA512
92c446447915b123e8c180d76733de148b19089405d60d8a70e3a09a1e46d32f9151ed45849ed88fb8af4c48c78f7f680a6a8015b81aeebe5a2b1a5832fffafc

Download Submit
memory/2988-0-0x0000000002FC0000-0x0000000003036000-memory.dmp

Filesize
472KB

Download
memory/2988-3-0x0000000002030000-0x0000000002031000-memory.dmp

Filesize
4KB

Download
memory/2988-4-0x0000000002030000-0x0000000002031000-memory.dmp

Filesize
4KB

Download