24ff89e1e19a8cc39ccbf1554c7276ec55da64961782b0461a5fe1715e1512de

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
19/06/2024, 21:53

Target

00b76b5afe8271ee0573ed7a5354b643_JaffaCakes118.pdf
Size

12KB
MD5

00b76b5afe8271ee0573ed7a5354b643
SHA1

048495ffc27f9a76211bb1b3c4f2be856e9eb070
SHA256

24ff89e1e19a8cc39ccbf1554c7276ec55da64961782b0461a5fe1715e1512de
SHA512

c5e1cce6b451d1105b85b60ba4fc714ae2ada8cfb1f2f35a5362e4909b572f50db264ab9be620675672e714478537b1743aeba150dcd90976fc0791b58d454cb
SSDEEP

192:bONbedw+lJ5jsCvURHsphbVsUb0Kxc8986tRUGjmoMLNoCKQTwJFjWDYBaXQxAKQ:bONbedw+lJ5l28sS8m4x4BhAZ3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2380	2432	WerFault.exe	27

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2380	2432	AcroRd32.exe	28
PID 2432 wrote to memory of 2380	2432	AcroRd32.exe	28
PID 2432 wrote to memory of 2380	2432	AcroRd32.exe	28
PID 2432 wrote to memory of 2380	2432	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\00b76b5afe8271ee0573ed7a5354b643_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 764
  2⤵
  - Program crash
  PID:2380

memory/2432-0-0x0000000003DB0000-0x0000000003E26000-memory.dmp

Filesize
472KB

Download