8079db0c5a3e080a1d5287deb49b57b397caab4d030e892bec279a87be1770ee

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 13:13

Target

3d857bb48dd125680a271828a5de7913_JaffaCakes118.pdf
Size

14KB
MD5

3d857bb48dd125680a271828a5de7913
SHA1

3efc11d31fd13f2016674d125f8fb0c81a06057e
SHA256

8079db0c5a3e080a1d5287deb49b57b397caab4d030e892bec279a87be1770ee
SHA512

3e7e4148ca14a37f336c7d2aec60b0306e18a2344807d24c518d5fc47ddc2ebbc097cfdc1b52ae2aa31e4b38d122fa2328a966cd8e66f39b04b27ed8c175039d
SSDEEP

384:4ONT7lEbvrW+AsG9rGrqi9zVXer2MqmpcxYhPZzV4fvwdCeewIjJizIgz:g6PvGG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2948	2160	WerFault.exe	27

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2948	2160	AcroRd32.exe	28
PID 2160 wrote to memory of 2948	2160	AcroRd32.exe	28
PID 2160 wrote to memory of 2948	2160	AcroRd32.exe	28
PID 2160 wrote to memory of 2948	2160	AcroRd32.exe	28

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3d857bb48dd125680a271828a5de7913_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 752
  2⤵
  - Program crash
  PID:2948

memory/2160-0-0x0000000002B20000-0x0000000002B96000-memory.dmp

Filesize
472KB

Download