89858e35f67b82d25890f1e43824f1898290c0967f40e04236389bbddfbaec12

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 03:41

Target

65fe596bc9de448104673e173d8c9c92_JaffaCakes118.pdf
Size

16KB
MD5

65fe596bc9de448104673e173d8c9c92
SHA1

366c2673d752263e57ca3de79dbf3357b6b8cd76
SHA256

89858e35f67b82d25890f1e43824f1898290c0967f40e04236389bbddfbaec12
SHA512

74eb447b3f0163ce095a9b865b63c2290b3df054b1927d801e7613909c6c168acaca76afdcc5a705b23cf53e9fed08f459c775197098133acc702ba717e5db51
SSDEEP

384:4ONyCeewIjJizb0h6ReCH767X4Z5YSkpYR7jIQyra6oxVuho1Z8xv:/oxVsp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1552	2900	WerFault.exe	29

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 1552	2900	AcroRd32.exe	30
PID 2900 wrote to memory of 1552	2900	AcroRd32.exe	30
PID 2900 wrote to memory of 1552	2900	AcroRd32.exe	30
PID 2900 wrote to memory of 1552	2900	AcroRd32.exe	30

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\65fe596bc9de448104673e173d8c9c92_JaffaCakes118.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 752
  2⤵
  - Program crash
  PID:1552

memory/2900-0-0x0000000003190000-0x0000000003206000-memory.dmp

Filesize
472KB

Download