4c916788445be840039210d387ddce2c86babf182a3d0eeee736abbd0f17507c

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 13:38

Target

cb8b9a7f3bc68f321136876c21871764.pdf
Size

11KB
MD5

cb8b9a7f3bc68f321136876c21871764
SHA1

03b90e819bcec0fffe36baf06a3fa94052433f2a
SHA256

4c916788445be840039210d387ddce2c86babf182a3d0eeee736abbd0f17507c
SHA512

77fca97bdd2a8a6929fc8cf59a18ac027152a2bcd21047651575adc0380045de45346079aa9d6c7e321ebd31414cf4f92c774370c607afb6953dcbb6f667ffb0
SSDEEP

192:bONbedw+lJ5QpI+UkyxjHOyqiZFRZYmbt6ZOPga27VAVeVDVnKuz1cvPYeAMsj3:bONbedw+lJ5QpIXkyxjHhqitVmpa2VAC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2520	2820	WerFault.exe	27

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 2520	2820	AcroRd32.exe	28
PID 2820 wrote to memory of 2520	2820	AcroRd32.exe	28
PID 2820 wrote to memory of 2520	2820	AcroRd32.exe	28
PID 2820 wrote to memory of 2520	2820	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\cb8b9a7f3bc68f321136876c21871764.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 760
  2⤵
  - Program crash
  PID:2520

memory/2820-0-0x0000000004E10000-0x0000000004E86000-memory.dmp

Filesize
472KB

Download