d7ba59a2a8fb7853f1cc6d5647abd54efb2433d3a9d1e02aa73fbed7974f2b3e

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 09:19

Target

04a9e171bbe69aed8e818c4e14cb58bc_JaffaCakes118.pdf
Size

11KB
MD5

04a9e171bbe69aed8e818c4e14cb58bc
SHA1

a5845f2060b0f968e6c33f091776940cd847a4e5
SHA256

d7ba59a2a8fb7853f1cc6d5647abd54efb2433d3a9d1e02aa73fbed7974f2b3e
SHA512

3be00a19854bb20eea72a5a1502950a9a09b0cc8bd9217e01efbf4cd00f4654d990a353c8358f57db853b648e2187b2d05ad80a0b97e861dcb6050dd3c9c61f6
SSDEEP

192:bONbedw+lJ5NB+5FJvgA62decd+6xqea8e1lUIDOgMMpJtNz0vjSkMCMt3GI0+es:bONbedw+lJ5W5bvgA62kco6xqEFYlvVN

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2680	2788	WerFault.exe	27

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 2680	2788	AcroRd32.exe	28
PID 2788 wrote to memory of 2680	2788	AcroRd32.exe	28
PID 2788 wrote to memory of 2680	2788	AcroRd32.exe	28
PID 2788 wrote to memory of 2680	2788	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\04a9e171bbe69aed8e818c4e14cb58bc_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 752
  2⤵
  - Program crash
  PID:2680

memory/2788-0-0x0000000003390000-0x0000000003406000-memory.dmp

Filesize
472KB

Download