e808182f9866ace0428f492c6a2b14d2867d71a91be0f1f4fd3acfb24434a2c0

Analysis

max time kernel
16s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 12:37

Target

49cfa73a76f04572d7c31f885045fa38_JaffaCakes118.pdf
Size

4KB
MD5

49cfa73a76f04572d7c31f885045fa38
SHA1

21de706c1f6a7698729943ef5ff9e54953531130
SHA256

e808182f9866ace0428f492c6a2b14d2867d71a91be0f1f4fd3acfb24434a2c0
SHA512

b80069e8d7c8e446e149a87b63fcfb1032b71126d4670ac3e4844b3239f190b74d8397c89405e9c8ffde1de7226a105a495896ee894b1fb519ee084cca6b9383
SSDEEP

96:rDg51RORkrqkYrxwIyrEEQ+YiDVMCJD2mwouUX64fx8scx8bh7ZMPytPG/5G:f+1ROqrqkYrxwIkEP0qC2mg4fx8C

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2200	3052	WerFault.exe	29

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 2200	3052	AcroRd32.exe	30
PID 3052 wrote to memory of 2200	3052	AcroRd32.exe	30
PID 3052 wrote to memory of 2200	3052	AcroRd32.exe	30
PID 3052 wrote to memory of 2200	3052	AcroRd32.exe	30

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\49cfa73a76f04572d7c31f885045fa38_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 744
  2⤵
  - Program crash
  PID:2200