0e063d8165487510f5f86b71256daa2e4385c61a22e7d7d4d039e285b6186dea

Analysis

max time kernel
143s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 01:49

Target

7bd648db7000d090d3e22dc1950f78fa.pdf
Size

112KB
MD5

7bd648db7000d090d3e22dc1950f78fa
SHA1

5332e4cec0b944e59a04ec591572c032cb9e4874
SHA256

0e063d8165487510f5f86b71256daa2e4385c61a22e7d7d4d039e285b6186dea
SHA512

d5b83b46243d6e9a22de67a787e745f99a56db01d6f741e95999bf0d02425048527a5d03c0c6032ad402b030c56619a1f0d2a8530c848057237c33647beadb5b
SSDEEP

768:DSfWZSVsV1YPveYmYGbLB/vbQNK775BoQ4mijVJipEhiD6T+bIxp0sO9PGVigGZw:I

Score

1^/10

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 2876	2500	AcroRd32.exe	28
PID 2500 wrote to memory of 2876	2500	AcroRd32.exe	28
PID 2500 wrote to memory of 2876	2500	AcroRd32.exe	28
PID 2500 wrote to memory of 2876	2500	AcroRd32.exe	28
PID 2500 wrote to memory of 2876	2500	AcroRd32.exe	28
PID 2500 wrote to memory of 2876	2500	AcroRd32.exe	28
PID 2500 wrote to memory of 2876	2500	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\7bd648db7000d090d3e22dc1950f78fa.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 -s C:\Users\Admin\AppData\Local\Temp\wpbt0.dll
  2⤵
  PID:2876

C:\Users\Admin\AppData\Local\Temp\wpbt0.dll

Filesize
1KB

MD5
d6dbb1d9f4dbd86466d3c626349cd60b

SHA1
3f14e645866cf70c50e598e43cbfc37d016ed482

SHA256
2dab0ac68eef36a8453a91e70f0b0089be3a657c9036cda1883340bc03da59b2

SHA512
28947d167a6f91c624fdb115cd99ad847812e1c49d8201fd67f7d1d74ea609131655063025a7c5abbc1be6bc02c8c889a195636c36649a7a2b92707f922e91e8

Download Submit
memory/2500-0-0x00000000033B0000-0x0000000003426000-memory.dmp

Filesize
472KB

Download
memory/2500-3-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

Filesize
4KB

Download
memory/2500-11-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

Filesize
4KB

Download