This paper proposes a multiple-fault injection attack based on adaptive control of fault injection timing in embedded microprocessors. The proposed method can be conducted under the black-box condition that the detailed cryptographic software running on the target device is not known to attackers. In addition, the proposed method is non-invasive, without the depackaging required in previous works, since such adaptive fault injection is performed by precisely generating a clock glitch. In this paper, we demonstrate the validity of the proposed method through an experiment on Advanced Encryption Standard (AES) software with a typical recalculation-based countermeasure on an 8-bit microprocessor. We first describe the proposed method to inject two kinds of faults, designed to obtain a faulty output available for differential fault analysis and to avoid a conditional branch for the countermeasure, respectively. We then show an experimental result that the faulty output can be obtained by circumventing countermeasure without using information from the detailed instruction sequence. Furthermore, we proposed a countermeasure against our attack, which prevents the attackers from calling the output routine through skipping the branch or branch test instruction.