Analysis
-
max time kernel
44s -
max time network
48s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
21-05-2022 01:16
General
-
Target
DOCUMENTS.exe
-
Size
461KB
-
MD5
12d57069130c72bacbe0687b79d633e8
-
SHA1
5dd72d6f4361861559721e161414e2355dacefe9
-
SHA256
d887251ccd6c44329798ec262da14733ab9573b28ef725e31834d8b79e9f840d
-
SHA512
d6320b3362140a7105917626443ae52e7cbcbcde4ef9cc7be0af82c977509009ebfdf0c3b99a5455f4387a87ea5d6c1363eecaf026033d9cc0d5565981763410
Score
10/10
Malware Config
Signatures
-
CoreEntity .NET Packer 1 IoCs
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
ReZer0 packer 1 IoCs
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\DOCUMENTS.exe"C:\Users\Admin\AppData\Local\Temp\DOCUMENTS.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 6882⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/956-59-0x0000000000000000-mapping.dmp
-
memory/988-54-0x0000000000200000-0x000000000027A000-memory.dmpFilesize
488KB
-
memory/988-55-0x0000000001F00000-0x0000000001F64000-memory.dmpFilesize
400KB
-
memory/988-56-0x0000000075C71000-0x0000000075C73000-memory.dmpFilesize
8KB
-
memory/988-57-0x0000000000560000-0x0000000000568000-memory.dmpFilesize
32KB
-
memory/988-58-0x0000000004230000-0x0000000004286000-memory.dmpFilesize
344KB