Analysis
-
max time kernel
42s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
04-12-2022 20:18
Static task
static1
Behavioral task
behavioral1
Sample
shippin docs.exe
Resource
win7-20220812-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
shippin docs.exe
Resource
win10v2004-20220812-en
13 signatures
150 seconds
General
-
Target
shippin docs.exe
-
Size
480KB
-
MD5
06d253413aa62c1eb72edb9fdc6e2a87
-
SHA1
a3d8c88b5b9709699c183925ce3ad653491aee9d
-
SHA256
f0ffe30cd228800ef89e93b87315c547fde5ec6e3dc8e09485b9004726bbe822
-
SHA512
74eee8077764b41bb10bfdb2f8408af549951abdf9244d0c609de931ba6f847b6653d1088cb4394de875c0f23837b28f712cc4c8161a50d4127206bb669d68bb
-
SSDEEP
12288:q0aShcx7plNJAYnIKPPfpZlrySug8pG94L3st+s0u5jgbO:q0aSholNJrXdr5ug88ss0s0gEO
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
1860 | 1184 | WerFault.exe | shippin docs.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
shippin docs.exe
description | pid | process | target process
PID 1184 wrote to memory of 1860 | 1184 | shippin docs.exe | WerFault.exe
PID 1184 wrote to memory of 1860 | 1184 | shippin docs.exe | WerFault.exe
PID 1184 wrote to memory of 1860 | 1184 | shippin docs.exe | WerFault.exe