19a54895b5f3c06b220cbefa3295adbb59292cc8e4842cc67b96e6176067a6c9

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 12:25

Target

3919fe9fbc52d51b7b2ece04cd1ce155_JaffaCakes118.pdf
Size

61KB
MD5

3919fe9fbc52d51b7b2ece04cd1ce155
SHA1

aa307d93b2c46cf0d3851719116449421c6fb630
SHA256

19a54895b5f3c06b220cbefa3295adbb59292cc8e4842cc67b96e6176067a6c9
SHA512

b07efbf76894db49823578f91d1204cfb90889f0a28e3be5268899ee4d9615460bdcc1d84f194ccba9113773e205e8a183551346b23aae60f970223e662c83ab
SSDEEP

384:bONbedw+DJ5ktMFopF7ZgNZogWuHRf4tUYsIFQZgNW2LPqqo7+++4Wza3:V

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2688	2084	WerFault.exe	29

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2688	2084	AcroRd32.exe	30
PID 2084 wrote to memory of 2688	2084	AcroRd32.exe	30
PID 2084 wrote to memory of 2688	2084	AcroRd32.exe	30
PID 2084 wrote to memory of 2688	2084	AcroRd32.exe	30

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3919fe9fbc52d51b7b2ece04cd1ce155_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 752
  2⤵
  - Program crash
  PID:2688

memory/2084-0-0x0000000003260000-0x00000000032D6000-memory.dmp

Filesize
472KB

Download