Analysis
-
max time kernel
117s -
max time network
60s -
platform
windows7_x64 -
resource
win7-en-20210920 -
submitted
20-10-2021 10:16
General
-
Target
shipment docu..exe
-
Size
22KB
-
MD5
75b7a294df955b78f7adf5882e600273
-
SHA1
df8f94ca5d228dcbda81efd0f8a0f37ff5ffa459
-
SHA256
d3c93ce13c0f0a8dd07512cb0cf5ca7474983e15e136022cd98c4ab9b6063bd4
-
SHA512
7b4c28d71348e798f3ddc7084767424754556a02a436b91e7516408b75031df32b4ba08fc60d658aeb381538c89bdf867373127ef29f6b03ec1ece56cf2e6da6
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\shipment docu..exe"C:\Users\Admin\AppData\Local\Temp\shipment docu..exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 15402⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1112-53-0x00000000000E0000-0x00000000000E1000-memory.dmpFilesize
4KB
-
memory/1112-55-0x00000000751A1000-0x00000000751A3000-memory.dmpFilesize
8KB
-
memory/1112-56-0x0000000004E60000-0x0000000004E61000-memory.dmpFilesize
4KB
-
memory/1704-57-0x0000000000000000-mapping.dmp
-
memory/1704-58-0x0000000000950000-0x0000000000951000-memory.dmpFilesize
4KB