3a2c6d160ad08f81a04674253926426109c7b73bb86aa9a6d4c1586731fb81c0

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 19:59

Target

0f57b303d0faf2abe182528814743188_JaffaCakes118.pdf
Size

87KB
MD5

0f57b303d0faf2abe182528814743188
SHA1

b444fba41732c8aae464236f1c9a7c87c1a6a71c
SHA256

3a2c6d160ad08f81a04674253926426109c7b73bb86aa9a6d4c1586731fb81c0
SHA512

16a4767b2734f31b11eadc614d336e0a7153c79fc3e8b8ea170527c99bb183b60cbc3c13b9804a1f333c44b419a810b787a01f57634bffb882cbeecef7770879
SSDEEP

384:bONbedw+lJ5z4p+fIYaltH8yWovDMD/rGihFxVQ1Ihu8hC3Kb1l/AQ5EKqBXBhbk:n

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3008	1540	WerFault.exe	27

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 3008	1540	AcroRd32.exe	28
PID 1540 wrote to memory of 3008	1540	AcroRd32.exe	28
PID 1540 wrote to memory of 3008	1540	AcroRd32.exe	28
PID 1540 wrote to memory of 3008	1540	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0f57b303d0faf2abe182528814743188_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 752
  2⤵
  - Program crash
  PID:3008

memory/1540-0-0x00000000027F0000-0x0000000002866000-memory.dmp

Filesize
472KB

Download