Analysis
max time kernel: 118s
max time network: 118s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 31-01-2024 11:29
Behavioral task: behavioral1
Sample: 844c95e25d05e1bbe4f8f0b50bb00b0a.pdf
Resource: win7-20231215-en
3 signatures
150 seconds

Behavioral task: behavioral2
Sample: 844c95e25d05e1bbe4f8f0b50bb00b0a.pdf
Resource: win10v2004-20231222-en
6 signatures
150 seconds
General
Target: 844c95e25d05e1bbe4f8f0b50bb00b0a.pdf
Size: 7KB
MD5: 844c95e25d05e1bbe4f8f0b50bb00b0a
SHA1: 38f23bd99fec4cf0716064a1a071515db9614a3f
SHA256: e47c9278b35dbe3a6b5cdb4509cedc4ea5ee0b9d777e2ad149e46d85c7e06858
SHA512: a5a6bd0b03990a90ab4c5399c2a3b7295151face96b63d317abc7e5580ac1ebd8c0a0332333f5e9e98554d5d89b3334afc5110afc67b3705a58ad65cd3ae04fb
SSDEEP: 192:6bTiwHkcTISIJoLFoHgHP8/9JzmIx/aVOr1Rh:6bHHLjIOhoHgv8/9JzmsHh
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
Processes: WerFault.exe
pid    pid_target   process        target process
1784   1948         WerFault.exe   AcroRd32.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
Processes: AcroRd32.exe
pid    process
1948   AcroRd32.exe
1948   AcroRd32.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: AcroRd32.exe
description                        pid    process        target process
PID 1948 wrote to memory of 1784   1948   AcroRd32.exe   WerFault.exe
PID 1948 wrote to memory of 1784   1948   AcroRd32.exe   WerFault.exe
PID 1948 wrote to memory of 1784   1948   AcroRd32.exe   WerFault.exe
PID 1948 wrote to memory of 1784   1948   AcroRd32.exe   WerFault.exe
Processes

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\844c95e25d05e1bbe4f8f0b50bb00b0a.pdf"
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1948

  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 684
    - Program crash
    PID:1784