9fe1d4468c176e60e5cb81a06dc4f10e1032a5ecd7a9ae28d110a3fb669b208d

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14-07-2024 03:32

Target

441ea4b02072f2f51d382a0216b1d1af_JaffaCakes118.pdf
Size

12KB
MD5

441ea4b02072f2f51d382a0216b1d1af
SHA1

0ae272fe7a374080078fbed822ec8d89f18df8b5
SHA256

9fe1d4468c176e60e5cb81a06dc4f10e1032a5ecd7a9ae28d110a3fb669b208d
SHA512

d920c2f407f7bc0bf7d74df88a7c4403c8a78ccd8ac421a62a5d73b1cc232cba1ad440c09770d509ff8fdef2388e594c9501079fa9624638320ebd452c1caadb
SSDEEP

384:bONbedw+lJ5WUzpwvWPqp+NJ6RRiJMg+zsE2/33RRJATfVRSA8yx3:wUdwv8o+NJjizsE2/JwfDJ1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2960	2924	WerFault.exe	30

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2960	2924	AcroRd32.exe	31
PID 2924 wrote to memory of 2960	2924	AcroRd32.exe	31
PID 2924 wrote to memory of 2960	2924	AcroRd32.exe	31
PID 2924 wrote to memory of 2960	2924	AcroRd32.exe	31

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\441ea4b02072f2f51d382a0216b1d1af_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 760
  2⤵
  - Program crash
  PID:2960

memory/2924-0-0x0000000002E80000-0x0000000002EF6000-memory.dmp

Filesize
472KB

Download