Overview

overview

10

Static

static

Shipping Doc 3454.exe

windows7_x64

1

Shipping Doc 3454.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    53s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    02-05-2022 15:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Shipping Doc 3454.exe

  • Size

    970KB

  • MD5

    ff65414919a5ca429bd872a4f5ae696a

  • SHA1

    3cbfcdb8b5f7bcab7bd09125627228bee497faba

  • SHA256

    4b174227ea49d30f3378e8469d9849015779d6d3da73333ad0b386411bfade20

  • SHA512

    6177b8c413aa14ad5ec49b9b71a59d89a53ffc10dcdb2a76a8ec64cdfe3541776f841f501da04d6aad1a7c64c4a44904f5f30bb6051feb2c3a5bc51d12c2e0cd

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Shipping Doc 3454.exe
    "C:\Users\Admin\AppData\Local\Temp\Shipping Doc 3454.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Users\Admin\AppData\Local\Temp\Shipping Doc 3454.exe
      "C:\Users\Admin\AppData\Local\Temp\Shipping Doc 3454.exe"
      2⤵
        PID:1344
      • C:\Users\Admin\AppData\Local\Temp\Shipping Doc 3454.exe
        "C:\Users\Admin\AppData\Local\Temp\Shipping Doc 3454.exe"
        2⤵
          PID:1748
        • C:\Users\Admin\AppData\Local\Temp\Shipping Doc 3454.exe
          "C:\Users\Admin\AppData\Local\Temp\Shipping Doc 3454.exe"
          2⤵
            PID:1724
          • C:\Users\Admin\AppData\Local\Temp\Shipping Doc 3454.exe
            "C:\Users\Admin\AppData\Local\Temp\Shipping Doc 3454.exe"
            2⤵
              PID:1304
            • C:\Users\Admin\AppData\Local\Temp\Shipping Doc 3454.exe
              "C:\Users\Admin\AppData\Local\Temp\Shipping Doc 3454.exe"
              2⤵
                PID:1268

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1672-54-0x0000000000310000-0x0000000000408000-memory.dmp

              Filesize

              992KB

              Download

            • memory/1672-55-0x0000000075B61000-0x0000000075B63000-memory.dmp

              Filesize

              8KB

              Download

            • memory/1672-56-0x0000000000620000-0x0000000000630000-memory.dmp

              Filesize

              64KB

              Download

            • memory/1672-57-0x0000000005560000-0x0000000005620000-memory.dmp

              Filesize

              768KB

              Download

            • memory/1672-58-0x0000000004ED0000-0x0000000004F58000-memory.dmp

              Filesize

              544KB

              Download