d1bdd7b53aab5e1b3516a75a49635753171600bfbbf3e3c0dfe1d5f4a1c77255 | Triage

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 13:08

Sharing

Report Analysis Logs

General

Target

307ff8e527f4adb38955b0d6a6e0b9e0_JaffaCakes118.pdf
Size

16KB
MD5

307ff8e527f4adb38955b0d6a6e0b9e0
SHA1

27ee49d8a864cb453f9e1c0de54d9186e75b6583
SHA256

d1bdd7b53aab5e1b3516a75a49635753171600bfbbf3e3c0dfe1d5f4a1c77255
SHA512

5b26c60fc69a51d538f6eda5a9889900db6b3eddf96bc1d2d5f7ddedae7dd06d89699a9758f29d8574f5521d509978c53797e2281f1f8c2b54d0f395f9dca214
SSDEEP

384:4ONyCeewIjJizZa/V8eGBikTHwXHz6jSNpz0SEv:IhnSS

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1948	1712	WerFault.exe	31

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1712	AcroRd32.exe
1712	AcroRd32.exe
1712	AcroRd32.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 1948	1712	AcroRd32.exe	32
PID 1712 wrote to memory of 1948	1712	AcroRd32.exe	32
PID 1712 wrote to memory of 1948	1712	AcroRd32.exe	32
PID 1712 wrote to memory of 1948	1712	AcroRd32.exe	32

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\307ff8e527f4adb38955b0d6a6e0b9e0_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 756
  2⤵
  - Program crash
  PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1712-0-0x0000000003410000-0x0000000003486000-memory.dmp

Filesize
472KB

Download