9cfaa6b683650d8a68559a957fbe335dfe2d4e77fc95c5ed15cff7d21b557963

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 21:16

Target

3abd92740a71a9209cb451f65a847a36_JaffaCakes118.pdf
Size

106KB
MD5

3abd92740a71a9209cb451f65a847a36
SHA1

ab55cccbc7a60da1301cb7ff900bf014d56491fa
SHA256

9cfaa6b683650d8a68559a957fbe335dfe2d4e77fc95c5ed15cff7d21b557963
SHA512

fad93f405c6da669b31b24172153df402b21cf8ee8629f30cefebcf3b85696c456ef22b4c80f2e659095c2abe3302d3a6021b08e44c0ef073ab0f5b30a227f38
SSDEEP

384:bONbedw+lJ5vpcctatfPjZI8yoe7RTdelAgEXj1oM44TXdqOP/voZYRRQM3:7

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3052	1596	WerFault.exe	29

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 3052	1596	AcroRd32.exe	30
PID 1596 wrote to memory of 3052	1596	AcroRd32.exe	30
PID 1596 wrote to memory of 3052	1596	AcroRd32.exe	30
PID 1596 wrote to memory of 3052	1596	AcroRd32.exe	30

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3abd92740a71a9209cb451f65a847a36_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1596
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 748
  2⤵
  - Program crash
  PID:3052

memory/1596-0-0x00000000030B0000-0x0000000003126000-memory.dmp

Filesize
472KB

Download