abcba9fabfaae34bbb2505456061e88eaf41365e652fa5647f6edcf3f00bff7c | Triage

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 06:39

Sharing

Report Analysis Logs

General

Target

9b04b968c92dc927e73ccb66cdd74a67.pdf
Size

16KB
MD5

9b04b968c92dc927e73ccb66cdd74a67
SHA1

969e0c874dcb410f28d9f69660d4b6db8f711449
SHA256

abcba9fabfaae34bbb2505456061e88eaf41365e652fa5647f6edcf3f00bff7c
SHA512

0fc549e4a8a857c34b14f9550a29994b6430aeb369931d3ebfdce0ccc344bffb895150b5c1282ec03bb523c8b3a3b6f6a36620964d9b4e735bc40353637ad2e0
SSDEEP

384:4ONyCeewIjJizXiqoYxsgu/OPD3QXUEqeEv:Enu/OPD3QXU/eS

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2160	1992	WerFault.exe	27

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1992	AcroRd32.exe
1992	AcroRd32.exe
1992	AcroRd32.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2160	1992	AcroRd32.exe	28
PID 1992 wrote to memory of 2160	1992	AcroRd32.exe	28
PID 1992 wrote to memory of 2160	1992	AcroRd32.exe	28
PID 1992 wrote to memory of 2160	1992	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9b04b968c92dc927e73ccb66cdd74a67.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 756
  2⤵
  - Program crash
  PID:2160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1992-0-0x0000000003360000-0x00000000033D6000-memory.dmp

Filesize
472KB

Download