dee9f079196fa883371545433f13fd1d00e17317ee1f62e5b2637ff5a5f64b3d

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 04:02

Target

249004f321d6c80b981f89f7e2ea521f_JaffaCakes118.pdf
Size

12KB
MD5

249004f321d6c80b981f89f7e2ea521f
SHA1

327fb1a2e01ad1ac725920108d79f383b8f5a50f
SHA256

dee9f079196fa883371545433f13fd1d00e17317ee1f62e5b2637ff5a5f64b3d
SHA512

cbee9b0d3e7e1e39e987e8a50a6b06aed27bd601ea4ab5d0dafa1be2054d4df9be0e49a384b8ef81a729e5d9b92e8dd348dc03f3fd5f0748c68bc0e49188cca4
SSDEEP

192:bONbedw+lJ5eXRfxkBX2pj8G1ggJTAPbtaKdPaTwkgm2m73:bONbedw+lJ5eBT4dQn3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2616	2436	WerFault.exe	27

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2616	2436	AcroRd32.exe	28
PID 2436 wrote to memory of 2616	2436	AcroRd32.exe	28
PID 2436 wrote to memory of 2616	2436	AcroRd32.exe	28
PID 2436 wrote to memory of 2616	2436	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\249004f321d6c80b981f89f7e2ea521f_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 756
  2⤵
  - Program crash
  PID:2616

memory/2436-0-0x00000000031F0000-0x0000000003266000-memory.dmp

Filesize
472KB

Download