3e83247ebdd89c43bd04229259af76b469d3fba37cbb1e4c44511ded6ba5b80a

Analysis

max time kernel
0s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e705371dbd3159eed61c3d272679f00.doc
Size

82KB
MD5

1e705371dbd3159eed61c3d272679f00
SHA1

c1b434fef140b7b88ca0d80d0a1f4077f25e20f4
SHA256

3e83247ebdd89c43bd04229259af76b469d3fba37cbb1e4c44511ded6ba5b80a
SHA512

312f0586ff3875b909112d145602cca13d16dfcb2c3133e0ed0fdbd8374fb2172a3c4e89e75db93cc60191243fe4c1c4485acdf46d659015cd08323e30695d30
SSDEEP

768:qkyRY12wKETvtDyfUVP0CQqIIIIIm8DDI74tEJowtl8j4lVadUlQosa+S2II2II+:qITPbIDSYUowpWUuBfQwMk8+FCQ

Score

6^/10

Malware Config

Signatures

Process spawned suspicious child process 1 IoCs

This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

description	pid	pid_target	Process	procid_target
Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process	3776	2544	DW20.EXE	14

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\1e705371dbd3159eed61c3d272679f00.doc" /o ""
1⤵
PID:2544
- C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE
  "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE" -x -s 1816
  2⤵
  - Process spawned suspicious child process
  PID:3776

C:\Windows\system32\dwwin.exe
C:\Windows\system32\dwwin.exe -x -s 1816
1⤵
PID:4084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2544-15-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/2544-14-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/2544-7-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/2544-6-0x00007FF8A3C70000-0x00007FF8A3C80000-memory.dmp

Filesize
64KB

Download
memory/2544-10-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/2544-13-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/2544-16-0x00007FF8A1510000-0x00007FF8A1520000-memory.dmp

Filesize
64KB

Download
memory/2544-19-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/2544-21-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/2544-22-0x00007FF8A1510000-0x00007FF8A1520000-memory.dmp

Filesize
64KB

Download
memory/2544-1-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/2544-4-0x00007FF8A3C70000-0x00007FF8A3C80000-memory.dmp

Filesize
64KB

Download
memory/2544-2-0x00007FF8A3C70000-0x00007FF8A3C80000-memory.dmp

Filesize
64KB

Download
memory/2544-3-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/2544-9-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/2544-20-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/2544-5-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/2544-8-0x00007FF8A3C70000-0x00007FF8A3C80000-memory.dmp

Filesize
64KB

Download
memory/2544-11-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/2544-12-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/2544-0-0x00007FF8A3C70000-0x00007FF8A3C80000-memory.dmp

Filesize
64KB

Download
memory/2544-44-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/2544-18-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/2544-17-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/3776-39-0x00007FF8A3C70000-0x00007FF8A3C80000-memory.dmp

Filesize
64KB

Download
memory/3776-43-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/3776-40-0x00007FF8A3C70000-0x00007FF8A3C80000-memory.dmp

Filesize
64KB

Download
memory/3776-25-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/3776-42-0x00007FF8A3C70000-0x00007FF8A3C80000-memory.dmp

Filesize
64KB

Download
memory/3776-27-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/3776-30-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/3776-31-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/3776-32-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/3776-41-0x00007FF8A3C70000-0x00007FF8A3C80000-memory.dmp

Filesize
64KB

Download