Analysis

max time kernel: 36s
max time network: 44s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 12-10-2022 02:18

Static task: static1
Behavioral task: behavioral1
Sample: DOC20221011567890987655600000.exe
Resource: win7-20220812-en (windows7-x64)
3 signatures, 150 seconds
General

Target: DOC20221011567890987655600000.exe
Size: 62KB
MD5: 2d6ace20a34791c5296e4340c2fe0098
SHA1: c5e1b5ce674daef3144def97a32b0cba3cacb422
SHA256: 9e9b9774e70f84a23aa0258af2d84f03509e9293b4f7fd419eeb5414a54c741b
SHA512: 8b8eed06d5d1b1ab21cde39348714c2802ece03931d094a257435dc61c4ccf94e444312b195aed5c63e40bfce3d091ceff2995029ceb0bd1485239679375f290
SSDEEP: 1536:6/pfn9Kpga/eHUTQQQQQQQBdBgN6b5/2kWSC6WLr1BDvas:4p/kpga/eHUTQQQQQQkdBft/2YWLr1Bf

Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
  pid   pid_target  process       target process
  1124  1476        WerFault.exe  DOC20221011567890987655600000.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description              pid   process
  Token: SeDebugPrivilege  1476  DOC20221011567890987655600000.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   process                            target process
  PID 1476 wrote to memory of 1124  1476  DOC20221011567890987655600000.exe  WerFault.exe
  (the same writer/target pair is reported 4 times)

Note: the WriteProcessMemory target is the WerFault.exe instance that the sample itself launched to report its own crash (WerFault is started with -p 1476, the sample's PID). Memory writes between a faulting process and its own Windows Error Reporting handler are expected crash-reporting behaviour, not injection into an unrelated process, which is why this signature alone does not raise the score. Enabling SeDebugPrivilege is a common but inconclusive signal; it matters when combined with writes into processes the sample did not spawn.
Processes

1. C:\Users\Admin\AppData\Local\Temp\DOC20221011567890987655600000.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\DOC20221011567890987655600000.exe"
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\WerFault.exe (child of 1; the SysWOW64 handler is used, so the sample runs as a 32-bit WOW64 process)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1124
      - Program crash
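The following is an added triage example, not part of the sandbox report, showing how to separate the WriteProcessMemory and SeDebugPrivilege IoCs above into crash-reporting noise versus candidate injection. It encodes the report's process tree and events as constructed Python data; the explorer.exe process (PID 1300) and the write into it are invented for contrast and do not appear in the report. The rule is the one a practitioner applies by hand: a write into WerFault.exe whose -p argument names the writer is the process reporting its own crash; anything else, from a process that also enabled SeDebugPrivilege, deserves escalation.

```python
import re
from collections import Counter

# Process tree as reported: pid -> (image path, command line).
# PID 1300 (explorer.exe) is CONSTRUCTED for contrast and is not in the report.
PROCESSES = {
    1476: (r"C:\Users\Admin\AppData\Local\Temp\DOC20221011567890987655600000.exe",
           r'"C:\Users\Admin\AppData\Local\Temp\DOC20221011567890987655600000.exe"'),
    1124: (r"C:\Windows\SysWOW64\WerFault.exe",
           r"C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1124"),
    1300: (r"C:\Windows\explorer.exe", r"C:\Windows\explorer.exe"),  # constructed
}

# WriteProcessMemory events as (writer pid, target pid). The four 1476 -> 1124
# events are the report's IoCs; the 1476 -> 1300 event is CONSTRUCTED.
WRITE_EVENTS = [(1476, 1124)] * 4 + [(1476, 1300)]

# AdjustPrivilegeToken events as (pid, privilege), from the report.
TOKEN_EVENTS = [(1476, "SeDebugPrivilege")]

# WerFault's -p argument is the PID of the faulting process it reports on.
WER_RE = re.compile(r"werfault\.exe\s+.*-p\s+(\d+)", re.IGNORECASE)


def image_name(pid):
    """Lower-cased file name of a process image, e.g. 'werfault.exe'."""
    return PROCESSES[pid][0].rsplit("\\", 1)[-1].lower()


def classify_write(writer, target):
    """'crash-report' when the target is a WerFault.exe whose -p argument is the
    writer's own pid (the writer is reporting its own crash); otherwise
    'possible-injection'."""
    if image_name(target) == "werfault.exe":
        m = WER_RE.search(PROCESSES[target][1])
        if m and int(m.group(1)) == writer:
            return "crash-report"
    return "possible-injection"


def summarize(events):
    """Collapse repeated writer -> target pairs and attach a verdict to each."""
    counts = Counter(events)
    return [
        {"writer": w, "target": t, "target_image": image_name(t),
         "count": n, "verdict": classify_write(w, t)}
        for (w, t), n in sorted(counts.items())
    ]


def needs_escalation(summary, token_events=TOKEN_EVENTS):
    """Escalate only when a process that enabled SeDebugPrivilege also wrote into
    a process other than its own crash handler."""
    debug_pids = {pid for pid, priv in token_events if priv == "SeDebugPrivilege"}
    return any(r["verdict"] == "possible-injection" and r["writer"] in debug_pids
               for r in summary)


if __name__ == "__main__":
    # Report-only events: the four WerFault writes collapse to one benign pair.
    report_only = summarize([(1476, 1124)] * 4)
    for row in report_only:
        print(row)
    print("escalate (report only):", needs_escalation(report_only))
    # With the constructed explorer.exe write added, the verdict flips.
    with_contrast = summarize(WRITE_EVENTS)
    print("escalate (with constructed write):", needs_escalation(with_contrast))
```

Run against the report's own events the summary contains a single crash-report pair and no escalation, matching the 3/10 score; the constructed write into explorer.exe is what would turn the same SeDebugPrivilege adjustment into a finding worth following up.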