52d4b2d7d17a7b8a197d2a20c779c649636261013ef266504807cfe241af654f | Triage

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 18:47

Sharing

Report Analysis Logs

General

Target

35f155bf0295c66fdd0171fcfc92ec86_JaffaCakes118.pdf
Size

16KB
MD5

35f155bf0295c66fdd0171fcfc92ec86
SHA1

23f887d034503dfba69c7ea3ae34dff4eb808c6e
SHA256

52d4b2d7d17a7b8a197d2a20c779c649636261013ef266504807cfe241af654f
SHA512

5d35904fe6d300d164874002d235894db344333322c41d0d7dfcf2f7b4e9587baa11d4bdab5dcae695278a09ee9065951a1572689e29cbe71a075534a31205b5
SSDEEP

384:4ONyCeewIjJiz/HyC9r3C0wsqY50gI3Ev:rS

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2684	808	WerFault.exe	29

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
808	AcroRd32.exe
808	AcroRd32.exe
808	AcroRd32.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 2684	808	AcroRd32.exe	30
PID 808 wrote to memory of 2684	808	AcroRd32.exe	30
PID 808 wrote to memory of 2684	808	AcroRd32.exe	30
PID 808 wrote to memory of 2684	808	AcroRd32.exe	30

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\35f155bf0295c66fdd0171fcfc92ec86_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:808
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 760
  2⤵
  - Program crash
  PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/808-0-0x0000000003280000-0x00000000032F6000-memory.dmp

Filesize
472KB

Download