Analysis
max time kernel: 91s
max time network: 110s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30-09-2022 23:18
Static task: static1
Behavioral task: behavioral1
  Sample: DOC20220929007______________________________________________________________________________________.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: DOC20220929007______________________________________________________________________________________.exe
  Resource: win10v2004-20220812-en
General
Target: DOC20220929007______________________________________________________________________________________.exe
Size: 7KB
MD5: 3ff3e6792d8a9b2235c0e8a480744747
SHA1: c698de49895254915dc2d3d31f87b4b693085664
SHA256: d8852b94d342aa820e6acd3db2233af7783fd8da9952a823d5e82edf5b038f4d
SHA512: 564593ac3a31ca6bd08f142b231cb749b574b98518727ee9eebcdb27d7ed901c9562d46e1fb76f081a4d4ecb13212eff5f0a6f2c6712a75db53ae446afbcd49a
SSDEEP: 96:chO1eHUD+dk8AyqNXk6LKH4MIzlCRrfsRQ+yunKUUQpzNt:cE1HD+FMk6LKH4pzYxfV+yuKULL
Malware Config
Signatures
Program crash (1 IoCs)
Processes:
  pid   pid_target   process        target process
  3392  2564         WerFault.exe   DOC20220929007______________________________________________________________________________________.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
  description               pid   process
  Token: SeDebugPrivilege   2564  DOC20220929007______________________________________________________________________________________.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\DOC20220929007______________________________________________________________________________________.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\DOC20220929007______________________________________________________________________________________.exe"
  Signatures: Suspicious use of AdjustPrivilegeToken
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 1672
    Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2564 -ip 2564
Network
MITRE ATT&CK Matrix
Downloads
memory/2564-132-0x0000000000F30000-0x0000000000F38000-memory.dmp
  Filesize: 32KB