0dd55a234be8e3e07b0eb19f47abe594295889564ce6a9f6e8cc4d3997018839

Analysis

max time kernel
141s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2023, 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e-yazi.docx .exe
Size

1.6MB
MD5

b1820abc3a1ce2d32af04c18f9d2bfc3
SHA1

b260d80fa81885d63565773480ca1e436ab657a0
SHA256

6c55195f025fb895f9d0ec3edbf58bc0aa46c43eeb246cfb88eef1ae051171b3
SHA512

01085bd21fb6206b2af03cdef7490c73960d66a9c8a730436f9aa1fcb350063313ac06274ad6c63575410cd2b2ac64a6d33166fe5facc861926f762c0ca67924
SSDEEP

6144:ZmmDPbOztkAzkAZqrEdrEAZUCwFjNN1U:ZmmDgNPqrEdrEt

Score

5^/10

Malware Config

Signatures

Suspicious use of NtCreateThreadExHideFromDebugger 2 IoCs

pid	Process
1828	e-yazi.docx .exe
1828	e-yazi.docx .exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1828 set thread context of 2648	1828	e-yazi.docx .exe	59
PID 1828 set thread context of 2912	1828	e-yazi.docx .exe	57

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1828	e-yazi.docx .exe
1828	e-yazi.docx .exe

C:\Windows\system32\taskhostw.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
1⤵
PID:2912

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\e-yazi.docx .exe
"C:\Users\Admin\AppData\Local\Temp\e-yazi.docx .exe"
1⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:1828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
c8acc7ebd0274710ad136e9ebbf77b30

SHA1
d99222d014b6694013aca886e37094c480120566

SHA256
5faffea9fd8c3fd5cccb9acb4fc3dcda1b50e9f69e382acb3e07c893918a53d5

SHA512
8f030769ed0daa410468084783ec029e4a26697b8c684c18d270c459b84ca9b2359511540e37db2b35561893d72c314d273af066b623cbb3b49e7cd28ce2ecee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
f40bd80ca954f629ecb52e7458d60ea8

SHA1
ad8f128d5327aab6f53cd7646b93e6612a3ede0b

SHA256
91497d0a5daee6bf2a6ef08306fc5f21d20f391c9b436ced736b60583406fd63

SHA512
995ee317f529e607a2824db3c8dbeb1382bd33b555656db69b697c5026f993eb4da1650209ca1cb689d7fca568c546f434d192195de89f508f0059ba2eaf85d9

Download Submit
memory/1828-133-0x00007FFB3A400000-0x00007FFB3A441000-memory.dmp

Filesize
260KB

Download
memory/1828-136-0x00007FFB3A400000-0x00007FFB3A441000-memory.dmp

Filesize
260KB

Download
memory/2648-214-0x00007FFB386E0000-0x00007FFB3876E000-memory.dmp

Filesize
568KB

Download
memory/2648-202-0x000001D37E090000-0x000001D37E0F5000-memory.dmp

Filesize
404KB

Download
memory/2648-144-0x00007FFB3A470000-0x00007FFB3A4D5000-memory.dmp

Filesize
404KB

Download
memory/2648-218-0x00007FFB4E2E0000-0x00007FFB4E2FB000-memory.dmp

Filesize
108KB

Download
memory/2648-138-0x000001D37D380000-0x000001D37D3F1000-memory.dmp

Filesize
452KB

Download
memory/2648-239-0x00007FFB4B2F0000-0x00007FFB4B318000-memory.dmp

Filesize
160KB

Download
memory/2648-236-0x00007FFB4B710000-0x00007FFB4B9C0000-memory.dmp

Filesize
2.7MB

Download
memory/2648-233-0x00007FFB49D80000-0x00007FFB4A250000-memory.dmp

Filesize
4.8MB

Download
memory/2648-226-0x000001D37E110000-0x000001D37E1A0000-memory.dmp

Filesize
576KB

Download
memory/2648-142-0x00007FFB56140000-0x00007FFB5687F000-memory.dmp

Filesize
7.2MB

Download
memory/2648-210-0x00007FFB4B340000-0x00007FFB4B52B000-memory.dmp

Filesize
1.9MB

Download
memory/2648-205-0x000001D37E290000-0x000001D37E485000-memory.dmp

Filesize
2.0MB

Download
memory/2648-206-0x00007FFB49D80000-0x00007FFB4A250000-memory.dmp

Filesize
4.8MB

Download
memory/2912-197-0x0000024F11BC0000-0x0000024F11C50000-memory.dmp

Filesize
576KB

Download
memory/2912-171-0x0000024F11B40000-0x0000024F11BA5000-memory.dmp

Filesize
404KB

Download
memory/2912-219-0x00007FFB55AD0000-0x00007FFB55AF7000-memory.dmp

Filesize
156KB

Download
memory/2912-189-0x00007FFB4E2E0000-0x00007FFB4E2FB000-memory.dmp

Filesize
108KB

Download
memory/2912-186-0x00007FFB386E0000-0x00007FFB3876E000-memory.dmp

Filesize
568KB

Download
memory/2912-184-0x00007FFB4B340000-0x00007FFB4B52B000-memory.dmp

Filesize
1.9MB

Download
memory/2912-183-0x00007FFB49D80000-0x00007FFB4A250000-memory.dmp

Filesize
4.8MB

Download
memory/2912-209-0x00007FFB49D80000-0x00007FFB4A250000-memory.dmp

Filesize
4.8MB

Download
memory/2912-181-0x0000024F11BC0000-0x0000024F11C50000-memory.dmp

Filesize
576KB

Download
memory/2912-143-0x00007FFB3A470000-0x00007FFB3A4D5000-memory.dmp

Filesize
404KB

Download
memory/2912-216-0x00007FFB54330000-0x00007FFB54364000-memory.dmp

Filesize
208KB

Download
memory/2912-708-0x00007FFB57820000-0x00007FFB57875000-memory.dmp

Filesize
340KB

Download
memory/2912-182-0x0000024F11BC0000-0x0000024F11C50000-memory.dmp

Filesize
576KB

Download
memory/2912-225-0x00007FFB54BB0000-0x00007FFB54BC8000-memory.dmp

Filesize
96KB

Download
memory/2912-229-0x00007FFB4B2F0000-0x00007FFB4B318000-memory.dmp

Filesize
160KB

Download
memory/2912-178-0x0000024F11BC0000-0x0000024F11C50000-memory.dmp

Filesize
576KB

Download
memory/2912-177-0x0000024F11BC0000-0x0000024F11C50000-memory.dmp

Filesize
576KB

Download
memory/2912-195-0x0000024F11A70000-0x0000024F11A71000-memory.dmp

Filesize
4KB

Download
memory/2912-141-0x00007FFB56140000-0x00007FFB5687F000-memory.dmp

Filesize
7.2MB

Download
memory/2912-172-0x0000024F11BC1000-0x0000024F11C26000-memory.dmp

Filesize
404KB

Download
memory/2912-702-0x00007FFB49D80000-0x00007FFB4A250000-memory.dmp

Filesize
4.8MB

Download
memory/2912-704-0x00007FFB55AD0000-0x00007FFB55AF7000-memory.dmp

Filesize
156KB

Download
memory/2912-705-0x00007FFB549B0000-0x00007FFB54A1A000-memory.dmp

Filesize
424KB

Download
memory/2912-706-0x00007FFB546F0000-0x00007FFB547BC000-memory.dmp

Filesize
816KB

Download
memory/2912-707-0x00007FFB4A470000-0x00007FFB4A578000-memory.dmp

Filesize
1.0MB

Download
memory/2912-170-0x0000024F11BC1000-0x0000024F11C26000-memory.dmp

Filesize
404KB

Download
memory/2912-709-0x00007FFB4D760000-0x00007FFB4D7DF000-memory.dmp

Filesize
508KB

Download
memory/2912-710-0x00007FFB546A0000-0x00007FFB546DB000-memory.dmp

Filesize
236KB

Download
memory/2912-711-0x00007FFB556B0000-0x00007FFB55806000-memory.dmp

Filesize
1.3MB

Download
memory/2912-712-0x00007FFB54DE0000-0x00007FFB54DF2000-memory.dmp

Filesize
72KB

Download
memory/2912-714-0x00007FFB551C0000-0x00007FFB551F1000-memory.dmp

Filesize
196KB

Download
memory/2912-715-0x00007FFB401D0000-0x00007FFB401E7000-memory.dmp

Filesize
92KB

Download
memory/2912-716-0x00007FFB54250000-0x00007FFB542E1000-memory.dmp

Filesize
580KB

Download