b318af2691aad185822b43754b13acc3a6b3fef362469414283a3b8683e372f2

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 05:02

Target

14c3f920969e20dc20591299d9c3a2da_JaffaCakes118.pdf
Size

14KB
MD5

14c3f920969e20dc20591299d9c3a2da
SHA1

beef9137aabdee4cfdb89330ad925dd7b6f5cfc2
SHA256

b318af2691aad185822b43754b13acc3a6b3fef362469414283a3b8683e372f2
SHA512

a560922ac5be716eeb4bdf4ddd7fac96980244955137be927cd43ab41fcaecf3a61060cf4414a49d06468d5cdc2ba6d3feddc884694e37bf10416f1a81fc0cb3
SSDEEP

384:4ONT7lEbvrWhAsG9rGrqi9zVXer2MqmpcxYhPZzV4fvwdCeewIjJizIgz:g6YvGG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2220	2164	WerFault.exe	27

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2220	2164	AcroRd32.exe	28
PID 2164 wrote to memory of 2220	2164	AcroRd32.exe	28
PID 2164 wrote to memory of 2220	2164	AcroRd32.exe	28
PID 2164 wrote to memory of 2220	2164	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\14c3f920969e20dc20591299d9c3a2da_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 752
  2⤵
  - Program crash
  PID:2220

memory/2164-0-0x0000000002BB0000-0x0000000002C26000-memory.dmp

Filesize
472KB

Download