e27bfdc762cb0ebf223d516759d99ac9fb98fbabf647196fa0cc206c72906dfb

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 14:02

Target

1b93210505bfdb0bf33c34ca5499dfbb_JaffaCakes118.pdf
Size

87KB
MD5

1b93210505bfdb0bf33c34ca5499dfbb
SHA1

02910368445cb29187c0fe8d111ee9184bf4d952
SHA256

e27bfdc762cb0ebf223d516759d99ac9fb98fbabf647196fa0cc206c72906dfb
SHA512

461b6804a26367e4372c0e635da4ace9058b16f1defc218f0955b316b5a22d32e46b1cadbb9815c4f180aa8d78384b498de08440557fd1f7a6092569c6463900
SSDEEP

384:bONbedw+lJ5oYzDfoD1DTDwDuB4395TDvtDXAMg7JHW8DjIhh4H1igD3JqmDKZBe:W

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2616	2220	WerFault.exe	27

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2616	2220	AcroRd32.exe	28
PID 2220 wrote to memory of 2616	2220	AcroRd32.exe	28
PID 2220 wrote to memory of 2616	2220	AcroRd32.exe	28
PID 2220 wrote to memory of 2616	2220	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1b93210505bfdb0bf33c34ca5499dfbb_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 752
  2⤵
  - Program crash
  PID:2616

memory/2220-0-0x0000000002E40000-0x0000000002EB6000-memory.dmp

Filesize
472KB

Download