Overview

overview

10

Static

static

doc0767572...57.exe

windows7_x64

10

doc0767572...57.exe

windows10-2004_x64

5

Analysis

  • max time kernel
    112s
  • max time network
    117s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    24-05-2022 19:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    doc07675720200626101857.exe

  • Size

    930KB

  • MD5

    243a515982e6eba872d6366ec71d63b6

  • SHA1

    85b71070f258dce1b5f92ea4aaa117419f6b8828

  • SHA256

    420da876f8efdf70da0ec0ccd1b7aaa09547b6868d5fc655c05b50eadf20c360

  • SHA512

    cfaf4f25351c10962d143de38df4758d1359224975520bc1345d284ab62254b75e6115c1283b47331b312e0e624329f8c402235cb8682d9007419ad0b89122a4

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\doc07675720200626101857.exe
    "C:\Users\Admin\AppData\Local\Temp\doc07675720200626101857.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\Users\Admin\AppData\Local\Temp\doc07675720200626101857.exe
      "C:\Users\Admin\AppData\Local\Temp\doc07675720200626101857.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4316
      • C:\Windows\SysWOW64\cmd.exe
        "cmd" /c start /b powershell Start-Sleep -Seconds 2; Remove-Item -path 'C:\Users\Admin\AppData\Local\Temp\doc07675720200626101857.exe' & exit
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4136
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell Start-Sleep -Seconds 2; Remove-Item -path 'C:\Users\Admin\AppData\Local\Temp\doc07675720200626101857.exe'
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1876-141-0x0000000005B00000-0x0000000006128000-memory.dmp

    Filesize

    6.2MB

    Download

  • memory/1876-148-0x0000000006EB0000-0x0000000006ED2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1876-147-0x0000000007B70000-0x0000000007C06000-memory.dmp

    Filesize

    600KB

    Download

  • memory/1876-146-0x0000000006DD0000-0x0000000006DEA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1876-145-0x0000000007F50000-0x00000000085CA000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/1876-144-0x00000000068F0000-0x000000000690E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1876-143-0x00000000059D0000-0x0000000005A36000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1876-142-0x0000000005930000-0x0000000005952000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1876-140-0x0000000005320000-0x0000000005356000-memory.dmp

    Filesize

    216KB

    Download

  • memory/1928-130-0x0000000000400000-0x00000000004EF000-memory.dmp

    Filesize

    956KB

    Download

  • memory/4316-137-0x0000000005610000-0x00000000056A2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4316-136-0x0000000005250000-0x00000000052B6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4316-135-0x0000000004B80000-0x0000000004C1C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4316-134-0x0000000004CA0000-0x0000000005244000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4316-133-0x0000000000C50000-0x0000000000CEA000-memory.dmp

    Filesize

    616KB

    Download

  • memory/4316-132-0x0000000000C50000-0x0000000000CEA000-memory.dmp

    Filesize

    616KB

    Download