Analysis
-
max time kernel
77s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system -
submitted
28-11-2022 08:02
Static task
static1
Behavioral task
behavioral1
Sample
SHIPPING DOC.exe
Resource
win7-20221111-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
SHIPPING DOC.exe
Resource
win10v2004-20221111-en
windows10-2004-x64
8 signatures
150 seconds
General
-
Target
SHIPPING DOC.exe
-
Size
478KB
-
MD5
2a2c37b0186b83c12b975807546da3fb
-
SHA1
a0eef6a6122dab1d2c0e24c2d39edf0eb9999b05
-
SHA256
b9f6f3b9202df46f9e2b996e4c47cd77ea107932712c50d300f3d0ddefa75686
-
SHA512
d3fc6a7422abc8473a7b637034d3bd873008d15de83866043180047e2fda764083cb747a279e44ecca37867442e07ac853c8d1b2466c6497290eee751951361b
-
SSDEEP
12288:qwpYDXo4z1SRFedmp4JgoIkfoqbalNgp:qww4U1SRFr4ao9Aqbaly
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid: 1472, pid_target: 1180, process: WerFault.exe, target process: SHIPPING DOC.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
SHIPPING DOC.exe
description: PID 1180 wrote to memory of 1472, pid: 1180, process: SHIPPING DOC.exe, target process: WerFault.exe
description: PID 1180 wrote to memory of 1472, pid: 1180, process: SHIPPING DOC.exe, target process: WerFault.exe
description: PID 1180 wrote to memory of 1472, pid: 1180, process: SHIPPING DOC.exe, target process: WerFault.exe