Analysis
-
max time kernel
151s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
21-05-2022 12:44
Static task
static1
Behavioral task
behavioral1
Sample
doc094.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
doc094.exe
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
doc094.exe
-
Size
345KB
-
MD5
aa4728fc8d920e596570904225ffaeca
-
SHA1
242c0f565ef343f4390b3090fcd1480ae07d50c1
-
SHA256
aa3a6c0efb81498bfda5ebc1319154af99114b3184a9dffd5924e778b25b1ab9
-
SHA512
b145c454ab49f26194ec3d4a6ab0cb4ec4208aee1ea624d5d48473d858e41a008c2cfd0778e9aaac79f83d4ec9c62d5e0a10c7c8b879a126237c041d2d47ef41
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
doc094.exepid process 3288 doc094.exe 3288 doc094.exe 3288 doc094.exe 3288 doc094.exe 3288 doc094.exe 3288 doc094.exe 3288 doc094.exe 3288 doc094.exe 3288 doc094.exe 3288 doc094.exe 3288 doc094.exe 3288 doc094.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
doc094.exedescription pid process Token: SeDebugPrivilege 3288 doc094.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3288-130-0x0000000000820000-0x000000000087C000-memory.dmpFilesize
368KB
-
memory/3288-131-0x0000000005890000-0x0000000005E34000-memory.dmpFilesize
5.6MB
-
memory/3288-132-0x0000000005230000-0x00000000052C2000-memory.dmpFilesize
584KB
-
memory/3288-133-0x00000000053E0000-0x00000000053EA000-memory.dmpFilesize
40KB
-
memory/3288-134-0x0000000005610000-0x00000000057B6000-memory.dmpFilesize
1.6MB
-
memory/3288-135-0x0000000007B50000-0x0000000007BEC000-memory.dmpFilesize
624KB
-
memory/3288-136-0x0000000007FD0000-0x0000000008036000-memory.dmpFilesize
408KB