Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
08-02-2024 02:42
Behavioral task
behavioral1
Sample
958b4ea7e160137f31e8624ba133547b.pdf
Resource
win7-20231215-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
958b4ea7e160137f31e8624ba133547b.pdf
Resource
win10v2004-20231215-en
6 signatures
150 seconds
General
-
Target
958b4ea7e160137f31e8624ba133547b.pdf
-
Size
7KB
-
MD5
958b4ea7e160137f31e8624ba133547b
-
SHA1
47ebbd48d84449b22b7bfbc7dcf2a56c1a201dfd
-
SHA256
e2f53ef3b8439c2fada5164b998a60813154770433a18d9e60ef306a4db80378
-
SHA512
338b3f0fa86ccd9df7b9082f6b12a783ec0d68fcdb2a9d21931680382d4bfb75e2ac07765c5a3f05ad6449cb15e13a5ab58ed4950cdd315ef4d0ec4d24e757e4
-
SSDEEP
192:6D52BKugdwsWSZwFNsGpofFOJZj85zlvpcphbZJp:6D58KugdwcUJofFeZj85zlaDB
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid   pid_target  process       target process
2780  3056        WerFault.exe  AcroRd32.exe
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
AcroRd32.exe
pid   process
3056  AcroRd32.exe
3056  AcroRd32.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
AcroRd32.exe
description                       pid   process       target process
PID 3056 wrote to memory of 2780  3056  AcroRd32.exe  WerFault.exe
PID 3056 wrote to memory of 2780  3056  AcroRd32.exe  WerFault.exe
PID 3056 wrote to memory of 2780  3056  AcroRd32.exe  WerFault.exe
PID 3056 wrote to memory of 2780  3056  AcroRd32.exe  WerFault.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\958b4ea7e160137f31e8624ba133547b.pdf" 1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3056 -
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 712 2⤵
- Program crash
PID:2780