Analysis
-
max time kernel
123s -
max time network
128s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
05-12-2021 01:02
Static task
static1
Behavioral task
behavioral1
Sample
?? ?? ?????????doc.com.exe
Resource
win7-en-20211104
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
?? ?? ?????????doc.com.exe
Resource
win10-en-20211014
windows10_x64
0 signatures
0 seconds
General
-
Target
?? ?? ?????????doc.com.exe
-
Size
848KB
-
MD5
06559a48b54cc741ec37f24c437cd199
-
SHA1
daa15a2ed47960179c9611ba84520bc5f8002873
-
SHA256
2b7062e20c674dd25059533ecfbb5a66ab3ecda2e01c30e8c9a81cc4290b8f11
-
SHA512
8d8325f6e9b29201861a28eaf6fe26f3013bf2b64be514e1b5dc329c986a41abe7a4fc5210e7c5b5e8f0dffc0521bd1d005b7260ec6ed699bb407b66d6ae66df
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
__ __ _________doc.com.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run __ __ _________doc.com.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\googleÉý¼¶ = "C:\\Users\\Admin\\Documents\\lsassa.exe" __ __ _________doc.com.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
Processes:
__ __ _________doc.com.exepid process 2272 __ __ _________doc.com.exe 2272 __ __ _________doc.com.exe 2272 __ __ _________doc.com.exe 2272 __ __ _________doc.com.exe 2272 __ __ _________doc.com.exe 2272 __ __ _________doc.com.exe 2272 __ __ _________doc.com.exe 2272 __ __ _________doc.com.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
__ __ _________doc.com.exedescription pid process Token: SeDebugPrivilege 2272 __ __ _________doc.com.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
__ __ _________doc.com.exepid process 2272 __ __ _________doc.com.exe