f3b22b6255f9dcb19d8e3407261d89cb6a9771667adc96277be6c79edf52bb0f

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 06:13

Target

bddf96bbb3de65295d179779b625b664.pdf
Size

132KB
MD5

bddf96bbb3de65295d179779b625b664
SHA1

6493485d4aa3607c8ba0c4123f15556a2f18c033
SHA256

f3b22b6255f9dcb19d8e3407261d89cb6a9771667adc96277be6c79edf52bb0f
SHA512

c926c9afe9a8ce804574cebaff4ab96bb7e6f80510927701383c4f749cb591402fb0b2e687e7d6db25bd1f24ff1838de69e0cbcec6316a661a88dd7692a62137
SSDEEP

768:C+2FZvhAE2KWfGj0CR6tYPbPhxEke+zm96A8Kd0/K1ek81zPlYPlvwN/OKcQ9OG3:Cj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1412	1940	WerFault.exe	27

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 1412	1940	AcroRd32.exe	28
PID 1940 wrote to memory of 1412	1940	AcroRd32.exe	28
PID 1940 wrote to memory of 1412	1940	AcroRd32.exe	28
PID 1940 wrote to memory of 1412	1940	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\bddf96bbb3de65295d179779b625b664.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 752
  2⤵
  - Program crash
  PID:1412

memory/1940-0-0x0000000003D50000-0x0000000003DC6000-memory.dmp

Filesize
472KB

Download