f8776c050a6e810a7a2c45fdfbc7848ed434cc866e1368a0539c5ab7b1aaa986

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 13:22

Target

308c624e196596928619368d6ee733b7_JaffaCakes118.pdf
Size

11KB
MD5

308c624e196596928619368d6ee733b7
SHA1

a6cbfa1a642ca878f76d559a76b20c4909d35865
SHA256

f8776c050a6e810a7a2c45fdfbc7848ed434cc866e1368a0539c5ab7b1aaa986
SHA512

5211d99b109fb5e0b4fea4e6880337aab36b30ea17914e1d49ae81d222fe3710e895846e78c02167bd0c37d7853766b4b6ba4bfb46ed1d8dc2133f7cf6e62019
SSDEEP

192:bONbedw+lJ5y0RLVYFpve2kI+PcYQL6SG5NcccXPR3C1ZMYY+P1ZB0oYpshqL5d9:bONbedw+lJ5HdCnetRPcYG6SGPcccrmo

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2836	2900	WerFault.exe	29

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 2836	2900	AcroRd32.exe	30
PID 2900 wrote to memory of 2836	2900	AcroRd32.exe	30
PID 2900 wrote to memory of 2836	2900	AcroRd32.exe	30
PID 2900 wrote to memory of 2836	2900	AcroRd32.exe	30

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\308c624e196596928619368d6ee733b7_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 752
  2⤵
  - Program crash
  PID:2836

memory/2900-0-0x0000000003080000-0x00000000030F6000-memory.dmp

Filesize
472KB

Download