b73d49c69c74eb04b8f979aa14538102bffb597537ae0f869c281c9752fda6c9

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 23:16

Target

606055de74455b4d933bc60bb88ae2aa_JaffaCakes118.pdf
Size

12KB
MD5

606055de74455b4d933bc60bb88ae2aa
SHA1

c8cc1e092992a020ce82d2b0896e26c5e8c79425
SHA256

b73d49c69c74eb04b8f979aa14538102bffb597537ae0f869c281c9752fda6c9
SHA512

b99cd7597fe3e094c2152074c1d4ee14d24e8663137b47b23c1ac7ce3b52d0d94542c7e355f7f94cb7af343514f8bfd788259ab9427db2f796f1f5dc42c5425e
SSDEEP

192:bONbedw+lJ5LhGoDK3H1szhf6V6OpxNGOtPBeynkWdESbSjy23:bONbedw+lJ5tUN7JPtdEzV3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2712	2724	WerFault.exe	29

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2712	2724	AcroRd32.exe	30
PID 2724 wrote to memory of 2712	2724	AcroRd32.exe	30
PID 2724 wrote to memory of 2712	2724	AcroRd32.exe	30
PID 2724 wrote to memory of 2712	2724	AcroRd32.exe	30

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\606055de74455b4d933bc60bb88ae2aa_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 760
  2⤵
  - Program crash
  PID:2712

memory/2724-0-0x0000000002CF0000-0x0000000002D66000-memory.dmp

Filesize
472KB

Download