c5d33ef8d7645247565fdd057ab9bebe4910a97bf8a4bf6e72a024b1c868d56e

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 14:15

Target

397747425646f29cb8b49128a8f1af79.pdf
Size

53KB
MD5

397747425646f29cb8b49128a8f1af79
SHA1

41ea353b9af1d0f7bfc06a1254a3a2da0074314b
SHA256

c5d33ef8d7645247565fdd057ab9bebe4910a97bf8a4bf6e72a024b1c868d56e
SHA512

3dccf76f3d20eb1d9fec096586ce4e3653eebe2972a1258659a0ad86917433b5d61032bba3a9e8c9240de75df88278b778f9f05790cdc6c7dbb41892c9a468d3
SSDEEP

384:bONbedw+lJ5+rw/QKQeG3/6Ff7cT5MXIfjQEa3/o/qFksaXVSMYhURTBbSDCIhs2:l

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2712	2112	WerFault.exe	27

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2712	2112	AcroRd32.exe	28
PID 2112 wrote to memory of 2712	2112	AcroRd32.exe	28
PID 2112 wrote to memory of 2712	2112	AcroRd32.exe	28
PID 2112 wrote to memory of 2712	2112	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\397747425646f29cb8b49128a8f1af79.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 752
  2⤵
  - Program crash
  PID:2712

memory/2112-0-0x0000000001130000-0x00000000011A6000-memory.dmp

Filesize
472KB

Download