1faab34dd2c0d326595be53a4c0092c9f7f10fbd8054a54e4d1b0beaf5ab5518

Analysis

max time kernel
0s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 12:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6d0458827121c7a2e95676419e88b0ed.doc
Size

71KB
MD5

6d0458827121c7a2e95676419e88b0ed
SHA1

226566429e1883faa2e87f1a626c4e12e303e605
SHA256

1faab34dd2c0d326595be53a4c0092c9f7f10fbd8054a54e4d1b0beaf5ab5518
SHA512

7cc042a3a6f59ed20a30ae8b6cd9d7db1b4c6b221daceef6aa41ce1f1514673477e043103be9a5428a208672f8111370272943ee087674441743a64f31186b63
SSDEEP

1536:EYBwk0vEHr11AQYyqGJHQYCDEtU6dLTR97el:dwnv+xQYNtU6Zvel

Score

10^/10

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process	1172	5044	cmd.exe	14

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4132	2000	WerFault.exe	23

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\6d0458827121c7a2e95676419e88b0ed.doc" /o ""
1⤵
PID:5044
- C:\Windows\SYSTEM32\cmd.exe
  cmd /c c:\programdata\compareCompare.hta
  2⤵
  - Process spawned unexpected child process
  PID:1172
- - C:\Windows\SysWOW64\mshta.exe
    "C:\Windows\SysWOW64\mshta.exe" "C:\programdata\compareCompare.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
    3⤵
    PID:2000
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 1356
      4⤵
      Program crash
      PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2000 -ip 2000
1⤵
PID:2820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2000-45-0x0000000004580000-0x00000000045A0000-memory.dmp

Filesize
128KB

Download
memory/5044-2-0x00007FFD359F0000-0x00007FFD35A00000-memory.dmp

Filesize
64KB

Download
memory/5044-6-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-14-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-15-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-17-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-16-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-19-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-21-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-22-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-20-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-18-0x00007FFD33090000-0x00007FFD330A0000-memory.dmp

Filesize
64KB

Download
memory/5044-13-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-12-0x00007FFD33090000-0x00007FFD330A0000-memory.dmp

Filesize
64KB

Download
memory/5044-10-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-9-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-7-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-5-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-4-0x00007FFD359F0000-0x00007FFD35A00000-memory.dmp

Filesize
64KB

Download
memory/5044-11-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-3-0x00007FFD359F0000-0x00007FFD35A00000-memory.dmp

Filesize
64KB

Download
memory/5044-39-0x0000018820A00000-0x00000188219D0000-memory.dmp

Filesize
15.8MB

Download
memory/5044-0-0x00007FFD359F0000-0x00007FFD35A00000-memory.dmp

Filesize
64KB

Download
memory/5044-41-0x000001881CAD0000-0x000001881D2D0000-memory.dmp

Filesize
8.0MB

Download
memory/5044-1-0x00007FFD359F0000-0x00007FFD35A00000-memory.dmp

Filesize
64KB

Download
memory/5044-43-0x000001881CAD0000-0x000001881D2D0000-memory.dmp

Filesize
8.0MB

Download
memory/5044-8-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-58-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-57-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-59-0x0000018820A00000-0x00000188219D0000-memory.dmp

Filesize
15.8MB

Download
memory/5044-60-0x000001881CAD0000-0x000001881D2D0000-memory.dmp

Filesize
8.0MB

Download
memory/5044-61-0x000001881CAD0000-0x000001881D2D0000-memory.dmp

Filesize
8.0MB

Download
memory/5044-85-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-88-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-89-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-87-0x00007FFD75970000-0x00007FFD75B65000-memory.dmp

Filesize
2.0MB

Download
memory/5044-86-0x00007FFD359F0000-0x00007FFD35A00000-memory.dmp

Filesize
64KB

Download
memory/5044-84-0x00007FFD359F0000-0x00007FFD35A00000-memory.dmp

Filesize
64KB

Download
memory/5044-83-0x00007FFD359F0000-0x00007FFD35A00000-memory.dmp

Filesize
64KB

Download
memory/5044-82-0x00007FFD359F0000-0x00007FFD35A00000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads