f0d8e84105b7a4e984c79ea650fcc37fe46f6d7ae164c92f9830be34fc2d9c9d

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03-07-2024 11:56

Target

224fafb6ab14595b2f8b4c6a592fbb7c_JaffaCakes118.pdf
Size

52KB
MD5

224fafb6ab14595b2f8b4c6a592fbb7c
SHA1

62692f2d7d6fa455e93ba213318abe281824c220
SHA256

f0d8e84105b7a4e984c79ea650fcc37fe46f6d7ae164c92f9830be34fc2d9c9d
SHA512

177a0ecd0c131805d274fa78a80f85b8917e48b8e008bf4da6d4a1a8f8977a2880b9e75f432681a8ccc160a961b5f44c12fa062219636dc085684d4c2b511659
SSDEEP

1536:v53bvVaFHM9sKs/h/ByFcPZWAz25nZQ9GC8xXmt8:R3bvVKZ/ByFcPZWAz25nZQ9GC8xz

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2104	2972	WerFault.exe	27

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2104	2972	AcroRd32.exe	28
PID 2972 wrote to memory of 2104	2972	AcroRd32.exe	28
PID 2972 wrote to memory of 2104	2972	AcroRd32.exe	28
PID 2972 wrote to memory of 2104	2972	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\224fafb6ab14595b2f8b4c6a592fbb7c_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 752
  2⤵
  - Program crash
  PID:2104

memory/2972-0-0x0000000002CF0000-0x0000000002D66000-memory.dmp

Filesize
472KB

Download