1cae805ebfde4f44048cca62dbe52ee756cd73713ad61d763f863260ccda9c90

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 14:35

Target

165a05a0292b610e7f02d95a6a942a8e_JaffaCakes118.pdf
Size

12KB
MD5

165a05a0292b610e7f02d95a6a942a8e
SHA1

f6def705972ff4e6ac71b215709b948826e3bab5
SHA256

1cae805ebfde4f44048cca62dbe52ee756cd73713ad61d763f863260ccda9c90
SHA512

5818ae1e4f2885921355e2b8a2f812a0f9f4f82de86afacbb739c4998894bad6437d26d599c3eb93f5e4e1c12ef0dbcbf8d73219f45eec37a66125242f3386bd
SSDEEP

384:bONbedw+lJ59MWA+zal+TJym2fQ7PMbHRjvbwXTrbopY1/G7mXpfLa3:EjSS+1r2fQ7PWjvsfEfK5D+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2920	840	WerFault.exe	27

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 2920	840	AcroRd32.exe	28
PID 840 wrote to memory of 2920	840	AcroRd32.exe	28
PID 840 wrote to memory of 2920	840	AcroRd32.exe	28
PID 840 wrote to memory of 2920	840	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\165a05a0292b610e7f02d95a6a942a8e_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 752
  2⤵
  - Program crash
  PID:2920

memory/840-0-0x0000000003D90000-0x0000000003E06000-memory.dmp

Filesize
472KB

Download