5b02e07d03c78ddf9fdbbf909908f0a6f2d45e4bf53a7285d2718cff1bf8f665

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 17:27

Target

60c05de63809c07c92a155517b5d0d97_JaffaCakes118.pdf
Size

106KB
MD5

60c05de63809c07c92a155517b5d0d97
SHA1

a5e32c3a61d1323d7683f4faca51ec19a2913f8e
SHA256

5b02e07d03c78ddf9fdbbf909908f0a6f2d45e4bf53a7285d2718cff1bf8f665
SHA512

53c5a85aef8b6c46d275ac55a60a112d4a52c3fa83352e14d22134b859b62d2e28471dd20074cd124cb5775a25f8a088cf669270f307a2f4a486a7ea86af9dc6
SSDEEP

384:bONbedw+lJ5pSEI22TUFdYIj2QzFpsWRkxq+VEc49O2RMrLmmm2mmmEt4mmmEmm5:z

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2624	2004	WerFault.exe	28

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2624	2004	AcroRd32.exe	30
PID 2004 wrote to memory of 2624	2004	AcroRd32.exe	30
PID 2004 wrote to memory of 2624	2004	AcroRd32.exe	30
PID 2004 wrote to memory of 2624	2004	AcroRd32.exe	30

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\60c05de63809c07c92a155517b5d0d97_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 756
  2⤵
  - Program crash
  PID:2624

memory/2004-0-0x0000000002AE0000-0x0000000002B56000-memory.dmp

Filesize
472KB

Download