d951ca6a625a837cfddf5fd1e864084505db5eff0e9d0b2a4ef7bb849f5f9055

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 18:28

Target

42d653164637ea176281dbb3fd91020a_JaffaCakes118.pdf
Size

11KB
MD5

42d653164637ea176281dbb3fd91020a
SHA1

2c4fb30d1161f890d3d04e9750cb7d36b2b72142
SHA256

d951ca6a625a837cfddf5fd1e864084505db5eff0e9d0b2a4ef7bb849f5f9055
SHA512

fd719197fc53a6c6d57848aecffd5a9cf6b4ad30468b8fe8303ad801d7af456c6a4e7848f9a10ebbeaf9569a6b24c25141ae6bf1372f862da5f93565be9ebaf6
SSDEEP

192:bONbedw+lJ52n4blpFV1qoeX5sw7brsgD71rNac19zGRwl3:bONbedw+lJ52n4blpFV1qoeXl7brD7Zf

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2472	2160	WerFault.exe	29

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2472	2160	AcroRd32.exe	30
PID 2160 wrote to memory of 2472	2160	AcroRd32.exe	30
PID 2160 wrote to memory of 2472	2160	AcroRd32.exe	30
PID 2160 wrote to memory of 2472	2160	AcroRd32.exe	30

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\42d653164637ea176281dbb3fd91020a_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 752
  2⤵
  - Program crash
  PID:2472

memory/2160-0-0x00000000026D0000-0x0000000002746000-memory.dmp

Filesize
472KB

Download