12e61591f458d58a7a3f4c49290a8dcfbdbabbcddfa1a64195b162ff4003828d | Triage

Analysis

max time kernel
18s
max time network
25s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 06:54

Sharing

Report Analysis Logs

General

Target

2c5c04525b772107e6c0fbe823391541.pdf
Size

16KB
MD5

2c5c04525b772107e6c0fbe823391541
SHA1

2e747d9316fdab15d4c4d2c3a1f89fcdc450991b
SHA256

12e61591f458d58a7a3f4c49290a8dcfbdbabbcddfa1a64195b162ff4003828d
SHA512

41d572aa11963d092ccb14a506f6ac7aec6b030afcd34581b55fcf144f3efa9896c4f4bd7fab84d4c97890b1e9c090b281e79184a3c31914355f8fe1605f567e
SSDEEP

384:4ONyCeewIjJizZmkRxhy7sz5eOiRySza3qy/g6yuv:sy7sz5eRs

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2720	2864	WerFault.exe	27

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2864	AcroRd32.exe
2864	AcroRd32.exe
2864	AcroRd32.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 2720	2864	AcroRd32.exe	30
PID 2864 wrote to memory of 2720	2864	AcroRd32.exe	30
PID 2864 wrote to memory of 2720	2864	AcroRd32.exe	30
PID 2864 wrote to memory of 2720	2864	AcroRd32.exe	30

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2c5c04525b772107e6c0fbe823391541.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 756
  2⤵
  - Program crash
  PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2864-0-0x0000000002EE0000-0x0000000002F56000-memory.dmp

Filesize
472KB

Download