5fb81184151a7a59ce4f0a626aead2fbfd75ec8d0de69341c7e57d4c98e07507

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-04-2024 09:26

Target

Docs.exe
Size

748KB
MD5

28da32c1cf8ead709f4888f84a697c28
SHA1

45122f3c46fb3400cc6710a830a259da54b07298
SHA256

c10f8bc18521b4c90063ae5fc1e0e95e40ed35be3758d90f597d7cc1e3853ade
SHA512

6d67f361a2f126e35f31e0ff5298bed2ee36e0262a8d71ec5254277c2ed122d9769bb7cc168d00b47616fd381f625a1a6542854c84d9c7cc184c607312fdef13
SSDEEP

12288:90K/pbM4nsSz3ITyeYmaNKiz4xrreLpSYHK6rPILRwwAF9:90iM4nuTyVXNDz4xIYGK2Wg9

Score

1^/10

Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

Docs.exe

pid process

2360 Docs.exe
2360 Docs.exe
2360 Docs.exe
2360 Docs.exe
2360 Docs.exe
2360 Docs.exe
2360 Docs.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Docs.exe

description pid process

Token: SeDebugPrivilege 2360 Docs.exe

description	pid	process
Token: SeDebugPrivilege	2360	Docs.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Docs.exe

description	pid	process	target process
PID 2360 wrote to memory of 2024	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 2024	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 2024	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 2024	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 2932	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 2932	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 2932	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 2932	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 1696	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 1696	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 1696	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 1696	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 2268	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 2268	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 2268	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 2268	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 2836	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 2836	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 2836	2360	Docs.exe	Docs.exe
PID 2360 wrote to memory of 2836	2360	Docs.exe	Docs.exe

C:\Users\Admin\AppData\Local\Temp\Docs.exe
"C:\Users\Admin\AppData\Local\Temp\Docs.exe"
2⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Docs.exe
"C:\Users\Admin\AppData\Local\Temp\Docs.exe"
2⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\Docs.exe
"C:\Users\Admin\AppData\Local\Temp\Docs.exe"
2⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\Docs.exe
"C:\Users\Admin\AppData\Local\Temp\Docs.exe"
2⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Docs.exe
"C:\Users\Admin\AppData\Local\Temp\Docs.exe"
2⤵
PID:2836

memory/2360-0-0x00000000003A0000-0x000000000045E000-memory.dmp

Filesize
760KB

Download
memory/2360-1-0x0000000074B70000-0x000000007525E000-memory.dmp

Filesize
6.9MB

Download
memory/2360-2-0x0000000000470000-0x00000000004B0000-memory.dmp

Filesize
256KB

Download
memory/2360-3-0x0000000000380000-0x0000000000398000-memory.dmp

Filesize
96KB

Download
memory/2360-4-0x0000000000330000-0x000000000033E000-memory.dmp

Filesize
56KB

Download
memory/2360-5-0x0000000000460000-0x0000000000474000-memory.dmp

Filesize
80KB

Download
memory/2360-6-0x00000000006B0000-0x0000000000732000-memory.dmp

Filesize
520KB

Download
memory/2360-7-0x0000000074B70000-0x000000007525E000-memory.dmp

Filesize
6.9MB

Download