dd77e09b528cd9572298122d059a6041f3d4e91921a11bdbfaf57fe0c8339aef | Triage

Analysis

max time kernel
8s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-05-2022 02:17

Sharing

Report Analysis Logs

General

Target

DOCSX.scr.exe
Size

1006KB
MD5

87c8dfadd09d783b4ecb103cb755f968
SHA1

bd6bc7e116af16697416d9ac98c74d8ecda00a82
SHA256

dd77e09b528cd9572298122d059a6041f3d4e91921a11bdbfaf57fe0c8339aef
SHA512

450941b7e54eca008cdca29f96a8aaf55fc59c76f4e808a2f706d30783c0efc7e0834d561379edc7580b4dfda92a4acb3d2ccae1ec19aaa2fc80c616538f90e7

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
932	908	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 908 wrote to memory of 932	908	DOCSX.scr.exe	28
PID 908 wrote to memory of 932	908	DOCSX.scr.exe	28
PID 908 wrote to memory of 932	908	DOCSX.scr.exe	28
PID 908 wrote to memory of 932	908	DOCSX.scr.exe	28

C:\Users\Admin\AppData\Local\Temp\DOCSX.scr.exe
"C:\Users\Admin\AppData\Local\Temp\DOCSX.scr.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:908
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 548
  2⤵
  - Program crash
  PID:932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/908-54-0x0000000000B90000-0x0000000000C92000-memory.dmp

Filesize
1.0MB

Download