c9a0908ac1a6462a6e91042ec381d349553e1e17af4e898bfa7c75c5c4b58404

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 04:20

Target

02c1c67c85f5923d16c4153260223772_JaffaCakes118.pdf
Size

16KB
MD5

02c1c67c85f5923d16c4153260223772
SHA1

86844a98f53f855f8865d2a71d55a16c90f02924
SHA256

c9a0908ac1a6462a6e91042ec381d349553e1e17af4e898bfa7c75c5c4b58404
SHA512

fa409bb45e4c41c71aa8c0a2ef8e994dfae4f5cc56bb7ce62ee0588e8871164d48f9c3395528694de72f60dec4b969877feeb76c44d38a2bfd4256afea79002f
SSDEEP

384:4ONyCeewIjJizSZfy2Bk3icAG96xMzj6jmwyuFfxMzH9HQCQYzSnQVEv:zcZoEExFotVS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3068	2020	WerFault.exe	27

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 3068	2020	AcroRd32.exe	28
PID 2020 wrote to memory of 3068	2020	AcroRd32.exe	28
PID 2020 wrote to memory of 3068	2020	AcroRd32.exe	28
PID 2020 wrote to memory of 3068	2020	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\02c1c67c85f5923d16c4153260223772_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 760
  2⤵
  - Program crash
  PID:3068

memory/2020-1-0x0000000003180000-0x00000000031F6000-memory.dmp

Filesize
472KB

Download