4ec73dcd033ac644f07b93b913addc6e2d19d0e85ccc5fc26d7ba55c992a8686

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 03:22

Target

2ed3243ea5ee162ab09ca645273d391a_JaffaCakes118.pdf
Size

12KB
MD5

2ed3243ea5ee162ab09ca645273d391a
SHA1

c5c757621676b5df93dbd31339b31c80ce2146bc
SHA256

4ec73dcd033ac644f07b93b913addc6e2d19d0e85ccc5fc26d7ba55c992a8686
SHA512

ee3b79839a7c7f28cdb426682bcd0ab1920c0c8932d79472186f91ac528c5b0bc414e3241b9efb1450037973018ff76d2c25fa2ff7dac74cf622ced175e4cc2e
SSDEEP

384:bONbedw+lJ5qzAwc6phCBqhjWwyuNEMzIW7DDBKWjg/nfAV1lvKI6dsHg7Cs7Hk6:kXt+bNSGciCsyjlI8Q9sihgKYy

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2952	2096	WerFault.exe	29

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2952	2096	AcroRd32.exe	30
PID 2096 wrote to memory of 2952	2096	AcroRd32.exe	30
PID 2096 wrote to memory of 2952	2096	AcroRd32.exe	30
PID 2096 wrote to memory of 2952	2096	AcroRd32.exe	30

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2ed3243ea5ee162ab09ca645273d391a_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 748
  2⤵
  - Program crash
  PID:2952

memory/2096-0-0x0000000002FD0000-0x0000000003046000-memory.dmp

Filesize
472KB

Download