52380fa4188daab8d7e884c71da9e39e80048d7cfe373d0a5e197bd14fb43521

Resubmissions

13-09-2023 20:47

230913-zk1mnahe68 10

13-09-2023 19:55

230913-ym9snsef2y 10

13-09-2023 19:49

230913-yjtbhshc66 3

Analysis

max time kernel
2s
max time network
11s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2023 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

form 03.22.2023 Gmail.one
Size

261KB
MD5

680c7dd9215c94bc4c6ba51bdfa43540
SHA1

b9311d4e871f0c04ceae3276d3719025d5aed546
SHA256

4de23bba14b8208a50658e40f77f9dc06cc5a46422bb9ae6fce4655e61893309
SHA512

ce092697c44eef08b9a8a8854f5b9693c978bc798e1850d1ac56ede542fbcf9ee82737757b7a8e8f847e3db4ff0f2c78be0d2f31ad7690fc3d91a5cf092d9f4a
SSDEEP

3072:xXzeHrBwsHzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaBtuXy:FeHrBwsYXm5ZGa3vRXm5ZGa3vb

Score

6^/10

Malware Config

Signatures

Process spawned suspicious child process 1 IoCs

This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

Processes:

DW20.EXE

description	pid	pid_target	process	target process
Parent C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE is not expected to spawn this process	2952	3272	DW20.EXE	ONENOTE.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

ONENOTE.EXE

pid process

3272 ONENOTE.EXE
3272 ONENOTE.EXE
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

ONENOTE.EXE

pid process

3272 ONENOTE.EXE

pid	process
3272	ONENOTE.EXE
3272	ONENOTE.EXE

pid	process
3272	ONENOTE.EXE

C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE
"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "C:\Users\Admin\AppData\Local\Temp\form 03.22.2023 Gmail.one"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3272

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE" -x -s 2948
2⤵
- Process spawned suspicious child process
PID:2952

C:\Windows\system32\dwwin.exe
C:\Windows\system32\dwwin.exe -x -s 2948
3⤵
PID:2852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2952-24-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/2952-32-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/2952-33-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/2952-30-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/2952-28-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/2952-26-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/2952-23-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/3272-13-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/3272-18-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/3272-7-0x00007FFEE10B0000-0x00007FFEE10C0000-memory.dmp

Filesize
64KB

Download
memory/3272-10-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/3272-11-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/3272-12-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/3272-14-0x00007FFEDE9D0000-0x00007FFEDE9E0000-memory.dmp

Filesize
64KB

Download
memory/3272-0-0x00007FFEE10B0000-0x00007FFEE10C0000-memory.dmp

Filesize
64KB

Download
memory/3272-15-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/3272-16-0x00007FFEDE9D0000-0x00007FFEDE9E0000-memory.dmp

Filesize
64KB

Download
memory/3272-17-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/3272-9-0x00007FFEE10B0000-0x00007FFEE10C0000-memory.dmp

Filesize
64KB

Download
memory/3272-19-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/3272-20-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/3272-21-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/3272-8-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/3272-6-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/3272-2-0x00007FFEE10B0000-0x00007FFEE10C0000-memory.dmp

Filesize
64KB

Download
memory/3272-4-0x00007FFEE10B0000-0x00007FFEE10C0000-memory.dmp

Filesize
64KB

Download
memory/3272-5-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/3272-3-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/3272-1-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download
memory/3272-40-0x00007FFF21030000-0x00007FFF21225000-memory.dmp

Filesize
2.0MB

Download