053e7603d2776f39c17d74cd5a095d2fa4727ce019cb91274c135be4b9732358 | Triage

Resubmissions

07/09/2022, 19:58

220907-ypwc3achd3 7

03/08/2021, 09:41

210803-sp73xlckl2 10

Analysis

max time kernel
3s
max time network
11s
platform
windows7_x64
resource
win7v20210410
submitted
03/08/2021, 09:41

Sharing

Report Analysis Logs

General

Target

Document.exe
Size

14.1MB
MD5

5210735409235c1aaf674fefddd33e35
SHA1

7c75657618cdeb21eedd587d960a608c4ead60f1
SHA256

053e7603d2776f39c17d74cd5a095d2fa4727ce019cb91274c135be4b9732358
SHA512

e382f86366f1a5dc7f665dd19e48410e69614cced4b5cb2deabec58e4b948906d34df42195010ea3a58e5c63579f042b0b6eb8e2f70c99d9b013d776f098985d

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1824	Document.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1824	2020	Document.exe	30
PID 2020 wrote to memory of 1824	2020	Document.exe	30
PID 2020 wrote to memory of 1824	2020	Document.exe	30

C:\Users\Admin\AppData\Local\Temp\Document.exe
"C:\Users\Admin\AppData\Local\Temp\Document.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Users\Admin\AppData\Local\Temp\Document.exe
  "C:\Users\Admin\AppData\Local\Temp\Document.exe"
  2⤵
  - Loads dropped DLL
  PID:1824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads