93cced836be43a7752e0f7d7c26adb0f0634cf07209c63106d747ad889d8bcc8

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 11:25

Target

4992bad975edf2cc2cb13f1944533520_JaffaCakes118.pdf
Size

16KB
MD5

4992bad975edf2cc2cb13f1944533520
SHA1

256dc78f4b5c34e760527ca95b6ee95a2d6ba3ab
SHA256

93cced836be43a7752e0f7d7c26adb0f0634cf07209c63106d747ad889d8bcc8
SHA512

77d6d5c4ca06ebd4b32b47b1e86b819c426e4b2ba642a58db7808b0b89d6008032405fa3640094525cf6400756298724220363e01cce9c99a973918147a1f5b8
SSDEEP

192:4ONyCeewIjJizl2OVqIz5BjtcouC4M6EpedZxMeIaGIOgt1v:4ONyCeewIjJizlb/jv/eIaL7v

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2660	1980	WerFault.exe	29

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 2660	1980	AcroRd32.exe	30
PID 1980 wrote to memory of 2660	1980	AcroRd32.exe	30
PID 1980 wrote to memory of 2660	1980	AcroRd32.exe	30
PID 1980 wrote to memory of 2660	1980	AcroRd32.exe	30

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\4992bad975edf2cc2cb13f1944533520_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 760
  2⤵
  - Program crash
  PID:2660

memory/1980-1-0x0000000003080000-0x00000000030F6000-memory.dmp

Filesize
472KB

Download