463a558653c43ed0fa666ea78e6c81fc542e4acd587014e8bb6b2a3504753bf8

Analysis

Target

nakit,docx.exe
Size

654KB
MD5

5b850d17d9cb0946da0dbc671d639001
SHA1

4c0c2a45d97c6029cce2f8fb285d26f31c26e4ad
SHA256

463a558653c43ed0fa666ea78e6c81fc542e4acd587014e8bb6b2a3504753bf8
SHA512

d664f906abd99b09e4fdbef12a08df92867d16e494744fcb1d7a59969c65b017d02c70ffc109c54e335d163ba425a629828ba7abc1822cc1aed1ee719482c256

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

924 1936 WerFault.exe nakit,docx.exe

pid	pid_target	process	target process
924	1936	WerFault.exe	nakit,docx.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

nakit,docx.exeWerFault.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

nakit,docx.exeWerFault.exe

description pid process

Token: SeDebugPrivilege 1936 nakit,docx.exe
Token: SeDebugPrivilege 924 WerFault.exe

description	pid	process
Token: SeDebugPrivilege	1936	nakit,docx.exe
Token: SeDebugPrivilege	924	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

nakit,docx.exe

description	pid	process	target process
PID 1936 wrote to memory of 924	1936	nakit,docx.exe	WerFault.exe
PID 1936 wrote to memory of 924	1936	nakit,docx.exe	WerFault.exe
PID 1936 wrote to memory of 924	1936	nakit,docx.exe	WerFault.exe
PID 1936 wrote to memory of 924	1936	nakit,docx.exe	WerFault.exe

memory/924-60-0x0000000000000000-mapping.dmp

Download
memory/924-61-0x0000000000480000-0x0000000000481000-memory.dmp

Filesize
4KB

Download
memory/1936-55-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1936-57-0x00000000072E0000-0x00000000072E1000-memory.dmp

Filesize
4KB

Download
memory/1936-58-0x00000000005D0000-0x00000000005D6000-memory.dmp

Filesize
24KB

Download
memory/1936-59-0x00000000071D0000-0x0000000007244000-memory.dmp

Filesize
464KB

Download