5756dfe9719f5cad407395d52e75425cc213c1c3509481703a993d28b0f3fa90

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 07:24

Target

27b74380a6ccca426448110f2b7e1c55_JaffaCakes118.pdf
Size

16KB
MD5

27b74380a6ccca426448110f2b7e1c55
SHA1

ca088968134a3224fc3e7e751cf347f1d352dbff
SHA256

5756dfe9719f5cad407395d52e75425cc213c1c3509481703a993d28b0f3fa90
SHA512

68d0d8dcc153421769c6965871358d59c05bf87047d7cdfc209d73c3b710ed6b60db7a3ba5cdf817fefc532e17ede6bd639a28ef57c13d59476fb30db9ab9256
SSDEEP

384:4ONyCeewIjJizJ2GhPHMmhE1WkMkA+o2ATQo69SrBy1VOFZEv:K2eS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2644	2460	WerFault.exe	29

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2644	2460	AcroRd32.exe	30
PID 2460 wrote to memory of 2644	2460	AcroRd32.exe	30
PID 2460 wrote to memory of 2644	2460	AcroRd32.exe	30
PID 2460 wrote to memory of 2644	2460	AcroRd32.exe	30

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\27b74380a6ccca426448110f2b7e1c55_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 756
  2⤵
  - Program crash
  PID:2644

memory/2460-0-0x0000000003590000-0x0000000003606000-memory.dmp

Filesize
472KB

Download