101f6dcbd5162d7648bf579f112dd99619e869ca012aaa968162557762d166aa

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 19:47

Target

3ea5a6fd231fce3a67e6b3fe460cb3dc_JaffaCakes118.pdf
Size

15KB
MD5

3ea5a6fd231fce3a67e6b3fe460cb3dc
SHA1

38c95c34f0ff553e4ce3dac8d32299e4dde93b68
SHA256

101f6dcbd5162d7648bf579f112dd99619e869ca012aaa968162557762d166aa
SHA512

f3b7d8278776f755cbd2635e840223f159d922c5dd71aacaf2deea60e7cd2323cf0205930cbf16cb89965696199b9f1b36632c2fe42e3afbdd4965cc5da0dc31
SSDEEP

192:4ONyCeewIjJiz/nEWcNuJRQfiLTvEVPTF3NJhmwhWf2mOgxWv:4ONyCeewIjJizAEoTF3NJhmwhWOykv

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2532	1208	WerFault.exe	30

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 2532	1208	AcroRd32.exe	31
PID 1208 wrote to memory of 2532	1208	AcroRd32.exe	31
PID 1208 wrote to memory of 2532	1208	AcroRd32.exe	31
PID 1208 wrote to memory of 2532	1208	AcroRd32.exe	31

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3ea5a6fd231fce3a67e6b3fe460cb3dc_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 752
  2⤵
  - Program crash
  PID:2532

memory/1208-0-0x0000000003380000-0x00000000033F6000-memory.dmp

Filesize
472KB

Download