Analysis

  • max time kernel
    136s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-08-2023 04:44

General

  • Target

    ic_content_sticker_location_emerald.xml

  • Size

    1KB

  • MD5

    aadfe32db3ccc31c96197f0591e0fa18

  • SHA1

    59ce2e9a22fff2e9a1b68578c429f5d710463d0e

  • SHA256

    71d43fecf9f2ef6e37022c8446194d74f11b7c05816ce321f6a84279c870b4fc

  • SHA512

    914f19b03527d440752bc284fa46af19ae7cf9f4d2c11cb7bb2753fd50526181e6ca5abed68c695236227b5d8e39db1b5f9359c2d0470a4eaa147c244cc91ddd

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\ic_content_sticker_location_emerald.xml"
    1⤵
      PID:1268
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 1268 -s 448
        2⤵
        • Program crash
        PID:3384
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -pss -s 408 -p 1268 -ip 1268
      1⤵
        PID:408

      Network

      MITRE ATT&CK Matrix

      Downloads

      • memory/1268-0-0x00007FFCFE7D0000-0x00007FFCFE7E0000-memory.dmp

        Filesize

        64KB

      • memory/1268-1-0x00007FFD3E750000-0x00007FFD3E945000-memory.dmp

        Filesize

        2.0MB

      • memory/1268-2-0x00007FFD3E750000-0x00007FFD3E945000-memory.dmp

        Filesize

        2.0MB

      • memory/1268-3-0x00007FFD3C4A0000-0x00007FFD3C769000-memory.dmp

        Filesize

        2.8MB

      • memory/1268-4-0x00007FFCFE7D0000-0x00007FFCFE7E0000-memory.dmp

        Filesize

        64KB

      • memory/1268-5-0x00007FFD3E750000-0x00007FFD3E945000-memory.dmp

        Filesize

        2.0MB