6898be931c1fe721678c33afc000f545e01b4020fa6c1467faf88083bf6ae597

Analysis

max time kernel
15s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 00:42

Target

2a615cb5064b39ff67494496c23b4bd8_JaffaCakes118.pdf
Size

15KB
MD5

2a615cb5064b39ff67494496c23b4bd8
SHA1

8e35161101926085b36107dbb429c2665c33057c
SHA256

6898be931c1fe721678c33afc000f545e01b4020fa6c1467faf88083bf6ae597
SHA512

4e77bc97ad59c950c71f9990a85931aa8d72ba06ba95c18a075066e8acfce6368eb4aef06db39cba9b4e9b79fd98779c78f20cf2a426c9e09399544ab6df7328
SSDEEP

384:4ONyCeewIjJizuFUI6MXOZbJuVxVCXcxWzp5cWSJcU0a/I6d6A/pEzaYgLAvqxdH:RCmWzp5cW+cUddxbJX8HS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1096	288	WerFault.exe	29

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 288 wrote to memory of 1096	288	AcroRd32.exe	30
PID 288 wrote to memory of 1096	288	AcroRd32.exe	30
PID 288 wrote to memory of 1096	288	AcroRd32.exe	30
PID 288 wrote to memory of 1096	288	AcroRd32.exe	30

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2a615cb5064b39ff67494496c23b4bd8_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:288
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 752
  2⤵
  - Program crash
  PID:1096

memory/288-0-0x0000000003690000-0x0000000003706000-memory.dmp

Filesize
472KB

Download