c6a3fd604fbdcd1f95c68627ac3b401137cec25a3ac06c2688d3ace2ac49983f

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 18:43

Target

35ee8973b7c328ff2ebece560b22ecf5_JaffaCakes118.pdf
Size

15KB
MD5

35ee8973b7c328ff2ebece560b22ecf5
SHA1

caed04d0a7e7fe23160a63345dbfed92528a0251
SHA256

c6a3fd604fbdcd1f95c68627ac3b401137cec25a3ac06c2688d3ace2ac49983f
SHA512

15fde513ba04c0833f319b8c2742a7364c8577d5ded4931da81a6815528ea414478639c34df48dd7fc1bbeef5599b87cbc8f66dbfed440fef5f4a4ee7bc6d34b
SSDEEP

384:4ONyCeewIjJiziuY4e2RwHljWp+TnJOBvBYL5IiUtPgOaQ8tkx9pDqxzqMaqpHIJ:n87wTguLz6ghQLxCEyVIkJfip

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2704	2364	WerFault.exe	29

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2704	2364	AcroRd32.exe	30
PID 2364 wrote to memory of 2704	2364	AcroRd32.exe	30
PID 2364 wrote to memory of 2704	2364	AcroRd32.exe	30
PID 2364 wrote to memory of 2704	2364	AcroRd32.exe	30

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\35ee8973b7c328ff2ebece560b22ecf5_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 760
  2⤵
  - Program crash
  PID:2704

memory/2364-0-0x0000000003490000-0x0000000003506000-memory.dmp

Filesize
472KB

Download