Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
14/03/2025, 09:39
General
-
Target
03042cc3786dafdb941019488d4cad3e.pdf
-
Size
65KB
-
MD5
03042cc3786dafdb941019488d4cad3e
-
SHA1
489dfe1a49f5172ac4db9a2b953789cbd6a80c65
-
SHA256
8dbbcd21c0197c7d037b9dfb86fc05fe1e087420548197bb60140c7e91723c75
-
SHA512
7843dc1ff2d32c3df8ca7c93937cfad6d475792a08a7b6ca3b9865ac86f7ae9c2f6ab269a6d8b529d3bb1d3b80ec00f49afc6a7366954c524414cb7d45d689f6
-
SSDEEP
768:GwdmkEGda1t5OqNTNGQwFhIkc0bmeH9Dg2wQuheK0AIkLlM5NscYM8qqEUED281S:GhLLOmihLdKspVscYG/O85r+o49d
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\03042cc3786dafdb941019488d4cad3e.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 7642⤵
- Program crash
-