b03e172f6faa5f04612e4ed856f2e0d49832c337f7c812844e74d2ecbc1ff1be | Triage

Analysis

max time kernel
41s
max time network
43s
resource
win10v191014

Sharing

General

Target

opvinteeseis.doc
Sample

191028-v97s46bkns
SHA256

b03e172f6faa5f04612e4ed856f2e0d49832c337f7c812844e74d2ecbc1ff1be

Score

N/A

Malware Config

Signatures

Suspicious use of WriteProcessMemory 1 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 5060	5032	SppExtComObj.exe	75

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\unpack001\LTI0528W5AW4NEF7J5AZ516JUS7MG1KIGLV
1⤵
PID:4944

C:\Windows\system32\SppExtComObj.exe
C:\Windows\system32\SppExtComObj.exe -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:5032

C:\Windows\System32\SLUI.exe
"C:\Windows\System32\SLUI.exe" RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
1⤵
PID:5060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads