7e534a1ed8a1f2f4f023fc9a6be6efc4536d914c540e29512b7c5854efbd6b48

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 08:39

Target

1aa2c90df7f10ffe8c45dcaf7e78203a_JaffaCakes118.pdf
Size

106KB
MD5

1aa2c90df7f10ffe8c45dcaf7e78203a
SHA1

f1473eaa5a9290653a8daf9e5381a1614bde4d28
SHA256

7e534a1ed8a1f2f4f023fc9a6be6efc4536d914c540e29512b7c5854efbd6b48
SHA512

d0b43a3c0fe802c721bb8a7d1c51adf07d016b057229f71ee60ba17006b95be5edbd7629523399c265a7bef90688e3a9fdb509e572d93829c4c171146e6ef8bf
SSDEEP

384:bONbedw+lJ5vXHT5y5yFgtpWRvm7NXfLCm9z6j2RmYyB4BM1oEuINXdYS9wCdmNI:b

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2544	2364	WerFault.exe	27

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2544	2364	AcroRd32.exe	28
PID 2364 wrote to memory of 2544	2364	AcroRd32.exe	28
PID 2364 wrote to memory of 2544	2364	AcroRd32.exe	28
PID 2364 wrote to memory of 2544	2364	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1aa2c90df7f10ffe8c45dcaf7e78203a_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 760
  2⤵
  - Program crash
  PID:2544

memory/2364-0-0x0000000002950000-0x00000000029C6000-memory.dmp

Filesize
472KB

Download