Analysis
-
max time kernel
119s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
26-01-2024 12:23
Behavioral task
behavioral1
Sample
77590adf0950515e39f1ba71991727c6.pdf
Resource
win7-20231215-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
77590adf0950515e39f1ba71991727c6.pdf
Resource
win10v2004-20231222-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
77590adf0950515e39f1ba71991727c6.pdf
-
Size
53KB
-
MD5
77590adf0950515e39f1ba71991727c6
-
SHA1
061bf7176d6cd5dc5998ffd28eaac88d50b92d8c
-
SHA256
19820d1f9079e04d1e7b7708e5037cc8c7c585c5276d327bd96354baa7c3ca0a
-
SHA512
e3fac3bb1c825d0aa1f6217f5b01d4669d4aa0e78e05443192dcfaa6323a780b638de50856b0fd5bf00598a48d3f7621df53556a9b37850a83c770f5423d6ea3
-
SSDEEP
192:bONbedw+lJ5MLndTp2wU26MLGjQGERTicKU09ZtRHoqfs42RWsNWIsyMk9eej5gN:bONbedw+lJ50rTtRYbACAO2gaYvt3
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid   pid_target  Process       procid_target
2296  1220        WerFault.exe  27
-
Suspicious use of SetWindowsHookEx 3 IoCs
pid   Process
1220  AcroRd32.exe
1220  AcroRd32.exe
1220  AcroRd32.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description                       pid   Process       procid_target
PID 1220 wrote to memory of 2296  1220  AcroRd32.exe  28
PID 1220 wrote to memory of 2296  1220  AcroRd32.exe  28
PID 1220 wrote to memory of 2296  1220  AcroRd32.exe  28
PID 1220 wrote to memory of 2296  1220  AcroRd32.exe  28
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\77590adf0950515e39f1ba71991727c6.pdf"
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1220 -
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 760
- Program crash
PID:2296
-