0fe6c653d05037067ce4c06ae6dd13eb0b6cdc02a471b3efa6de3f0deb6bbd51

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 05:37

Target

5f38d5ef517f2d603c9b86803202fc23_JaffaCakes118.pdf
Size

15KB
MD5

5f38d5ef517f2d603c9b86803202fc23
SHA1

0231a17e9efffde58c84bb64be79e0fac436d4e5
SHA256

0fe6c653d05037067ce4c06ae6dd13eb0b6cdc02a471b3efa6de3f0deb6bbd51
SHA512

002403539089368f831055023cb99546227981e4390eda8299258516295d33506cf66778e7f6c9d4d7b416ecb1a38a0cded17bffcc3ad3dbdee6de7d2822aac6
SSDEEP

96:bON06mxdw+7/J5pFH0v+SadHaO8lvCX1+Rm5PpKGNfG0LuTfxM2+Cr306CX1kioW:bONbedw+DJ5pFl96PsBvaWTU9rNnQX3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2484	1688	WerFault.exe	29

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2484	1688	AcroRd32.exe	30
PID 1688 wrote to memory of 2484	1688	AcroRd32.exe	30
PID 1688 wrote to memory of 2484	1688	AcroRd32.exe	30
PID 1688 wrote to memory of 2484	1688	AcroRd32.exe	30

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\5f38d5ef517f2d603c9b86803202fc23_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 756
  2⤵
  - Program crash
  PID:2484

memory/1688-0-0x0000000002B80000-0x0000000002BF6000-memory.dmp

Filesize
472KB

Download