ebf1ec7ae4ffea30cfe53ef7a278d8fa9dcf55c11d52303622b1d92f1b155012 | Triage

Analysis

max time kernel
13s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
04/07/2023, 18:16

Sharing

Report Analysis Logs

General

Target

sticker_bow.xml
Size

4KB
MD5

ca4e9c8d83e65fc252166f69aaecc6f7
SHA1

62ce1da98afe20a7860b90b7d14711ef2939fbc2
SHA256

bd2771bd595547bc16d5b3c10396d6215178d150afc68d119595d6239575c126
SHA512

4412c81c257100f5aa73d41f6437146d3256902b309b37524ae3fab56179bec5931b99acdda6996c9e8c8721e3bf9ed3d2f513d531c7fc731bff9f93bd13ec7d
SSDEEP

96:v+PXefIFJaIbH+6M1nkJxBtdL7X7Wvq2RjOVo1BiIiMBm:WXuIFJr+6M1kxjdf7+7wVo1QIi5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 428	872	MSOXMLED.EXE	28
PID 872 wrote to memory of 428	872	MSOXMLED.EXE	28
PID 872 wrote to memory of 428	872	MSOXMLED.EXE	28
PID 872 wrote to memory of 428	872	MSOXMLED.EXE	28

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\sticker_bow.xml"
1⤵
- Suspicious use of WriteProcessMemory
PID:872
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
  2⤵
  PID:428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads