Analysis
- max time kernel: 3s
- max time network: 11s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 03-08-2021 09:41
Static task: static1
Behavioral task: behavioral1
- Sample: Document.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: Document.exe
- Resource: win10v20210408
General
- Target: Document.exe
- Size: 14.1MB
- MD5: 5210735409235c1aaf674fefddd33e35
- SHA1: 7c75657618cdeb21eedd587d960a608c4ead60f1
- SHA256: 053e7603d2776f39c17d74cd5a095d2fa4727ce019cb91274c135be4b9732358
- SHA512: e382f86366f1a5dc7f665dd19e48410e69614cced4b5cb2deabec58e4b948906d34df42195010ea3a58e5c63579f042b0b6eb8e2f70c99d9b013d776f098985d
Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  Processes: Document.exe
  pid | process
  1824 | Document.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: Document.exe
  description | pid | process | target process
  PID 2020 wrote to memory of 1824 | 2020 | Document.exe | Document.exe
  PID 2020 wrote to memory of 1824 | 2020 | Document.exe | Document.exe
  PID 2020 wrote to memory of 1824 | 2020 | Document.exe | Document.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\_MEI20202\python39.dll
  MD5: 1d5e4c20a20740f38f061bdf48aaca4f
  SHA1: de1b64ab5219aa6fef95cd2b0ccead1c925fd0d0
  SHA256: f8172151d11bcf934f2a7518cd0d834e3f079bd980391e9da147ce4cff72c366
  SHA512: 9df64c97e4e993e815fdaf7e8ecbc3ce32aa8d979f8f4f7a732b2efa636cfeb9a145fe2c2dcdf2e5e9247ee376625e1fdc62f9657e8007bb504336ac8d05a397
- \Users\Admin\AppData\Local\Temp\_MEI20202\python39.dll
  MD5: 1d5e4c20a20740f38f061bdf48aaca4f
  SHA1: de1b64ab5219aa6fef95cd2b0ccead1c925fd0d0
  SHA256: f8172151d11bcf934f2a7518cd0d834e3f079bd980391e9da147ce4cff72c366
  SHA512: 9df64c97e4e993e815fdaf7e8ecbc3ce32aa8d979f8f4f7a732b2efa636cfeb9a145fe2c2dcdf2e5e9247ee376625e1fdc62f9657e8007bb504336ac8d05a397
- memory/1824-59-0x0000000000000000-mapping.dmp