Analysis

  • max time kernel
    36s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-10-2022 02:18

General

  • Target

    DOC20221011567890987655600000.exe

  • Size

    62KB

  • MD5

    2d6ace20a34791c5296e4340c2fe0098

  • SHA1

    c5e1b5ce674daef3144def97a32b0cba3cacb422

  • SHA256

    9e9b9774e70f84a23aa0258af2d84f03509e9293b4f7fd419eeb5414a54c741b

  • SHA512

    8b8eed06d5d1b1ab21cde39348714c2802ece03931d094a257435dc61c4ccf94e444312b195aed5c63e40bfce3d091ceff2995029ceb0bd1485239679375f290

  • SSDEEP

    1536:6/pfn9Kpga/eHUTQQQQQQQBdBgN6b5/2kWSC6WLr1BDvas:4p/kpga/eHUTQQQQQQkdBft/2YWLr1Bf

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DOC20221011567890987655600000.exe (depth 1)
    "C:\Users\Admin\AppData\Local\Temp\DOC20221011567890987655600000.exe"
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1476
    • C:\Windows\SysWOW64\WerFault.exe (depth 2, child of PID 1476)
      C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1124
      • Program crash
      PID:1124

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1124-56-0x0000000000000000-mapping.dmp
  • memory/1476-54-0x0000000000C60000-0x0000000000C72000-memory.dmp
    Filesize

    72KB

  • memory/1476-55-0x0000000074C11000-0x0000000074C13000-memory.dmp
    Filesize

    8KB