a1da3a21f34a13651b2fc992472cf8fabe9896a3d8aeeb87e5c0879f2f5bf4ad

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 08:12

Target

1a8dcaf96af6143b5b0c800710162a0c_JaffaCakes118.pdf
Size

16KB
MD5

1a8dcaf96af6143b5b0c800710162a0c
SHA1

d858d03e9c5962ead60057bd198bf0032eafea9f
SHA256

a1da3a21f34a13651b2fc992472cf8fabe9896a3d8aeeb87e5c0879f2f5bf4ad
SHA512

d3b74b20e168e9a8cb08afa0908e92cbec55fc85af58d9fb0efbdf80905fd82e755900285c8bfeecccaf3f164a3aa6ee51372fb2dccd1d6cdf846c50ff02d18b
SSDEEP

384:4ONyCeewIjJizlQdpB5lyzaa0cB8yeFL4Xj3Zw7SgiwHn4mIf5o0fX8y+ZF3XeIs:Wa/yzaa0cLeFL4Xj3Zw7HHn4mIf5o0f9

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2776 1200 WerFault.exe AcroRd32.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AcroRd32.exe

pid process

1200 AcroRd32.exe
1200 AcroRd32.exe
1200 AcroRd32.exe

pid	pid_target	process	target process
2776	1200	WerFault.exe	AcroRd32.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

AcroRd32.exe

description	pid	process	target process
PID 1200 wrote to memory of 2776	1200	AcroRd32.exe	WerFault.exe
PID 1200 wrote to memory of 2776	1200	AcroRd32.exe	WerFault.exe
PID 1200 wrote to memory of 2776	1200	AcroRd32.exe	WerFault.exe
PID 1200 wrote to memory of 2776	1200	AcroRd32.exe	WerFault.exe

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 752
2⤵
- Program crash
PID:2776

memory/1200-0-0x0000000002B80000-0x0000000002BF6000-memory.dmp

Filesize
472KB

Download