47361c18c953725b9469ef9a229e109e981bdd1b2673f7ad582d98d1447110c3

Analysis

max time kernel
66s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29-04-2024 11:44

Target

shipping doc.exe
Size

661KB
MD5

ff46c0bcefe3460241f6291f551c461a
SHA1

cde992ddcc16e2c42d39c89c48af840e354a0f29
SHA256

47361c18c953725b9469ef9a229e109e981bdd1b2673f7ad582d98d1447110c3
SHA512

f518d63316294e291449206ff09897decef7275d235e57bc5c6fd98113f9458bd6c1c8807a12b015bf6238fa0b663cce18af80566916172554a28e62807a3525
SSDEEP

12288:qRB778QCdqBOxWqLOZhxqAA8qmZ7WKGYBI0pdY:GB8dqq8qmZrg

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

shipping doc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

shipping doc.exe

description pid process

Token: SeDebugPrivilege 224 shipping doc.exe

description	pid	process
Token: SeDebugPrivilege	224	shipping doc.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

shipping doc.exe

description	pid	process	target process
PID 224 wrote to memory of 3344	224	shipping doc.exe	shipping doc.exe
PID 224 wrote to memory of 3344	224	shipping doc.exe	shipping doc.exe
PID 224 wrote to memory of 3344	224	shipping doc.exe	shipping doc.exe
PID 224 wrote to memory of 3188	224	shipping doc.exe	shipping doc.exe
PID 224 wrote to memory of 3188	224	shipping doc.exe	shipping doc.exe
PID 224 wrote to memory of 3188	224	shipping doc.exe	shipping doc.exe
PID 224 wrote to memory of 3284	224	shipping doc.exe	shipping doc.exe
PID 224 wrote to memory of 3284	224	shipping doc.exe	shipping doc.exe
PID 224 wrote to memory of 3284	224	shipping doc.exe	shipping doc.exe
PID 224 wrote to memory of 2424	224	shipping doc.exe	shipping doc.exe
PID 224 wrote to memory of 2424	224	shipping doc.exe	shipping doc.exe
PID 224 wrote to memory of 2424	224	shipping doc.exe	shipping doc.exe
PID 224 wrote to memory of 3272	224	shipping doc.exe	shipping doc.exe
PID 224 wrote to memory of 3272	224	shipping doc.exe	shipping doc.exe
PID 224 wrote to memory of 3272	224	shipping doc.exe	shipping doc.exe

C:\Users\Admin\AppData\Local\Temp\shipping doc.exe
"C:\Users\Admin\AppData\Local\Temp\shipping doc.exe"
2⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\shipping doc.exe
"C:\Users\Admin\AppData\Local\Temp\shipping doc.exe"
2⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\shipping doc.exe
"C:\Users\Admin\AppData\Local\Temp\shipping doc.exe"
2⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\shipping doc.exe
"C:\Users\Admin\AppData\Local\Temp\shipping doc.exe"
2⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\shipping doc.exe
"C:\Users\Admin\AppData\Local\Temp\shipping doc.exe"
2⤵
PID:3272

memory/224-0-0x0000000000990000-0x0000000000A3A000-memory.dmp

Filesize
680KB

Download
memory/224-1-0x0000000074910000-0x00000000750C0000-memory.dmp

Filesize
7.7MB

Download
memory/224-2-0x00000000059C0000-0x0000000005F64000-memory.dmp

Filesize
5.6MB

Download
memory/224-3-0x0000000005310000-0x00000000053A2000-memory.dmp

Filesize
584KB

Download
memory/224-4-0x00000000052C0000-0x00000000052D0000-memory.dmp

Filesize
64KB

Download
memory/224-5-0x0000000005300000-0x000000000530A000-memory.dmp

Filesize
40KB

Download
memory/224-6-0x0000000005550000-0x0000000005568000-memory.dmp

Filesize
96KB

Download
memory/224-7-0x00000000059A0000-0x00000000059AE000-memory.dmp

Filesize
56KB

Download
memory/224-8-0x00000000059B0000-0x00000000059C6000-memory.dmp

Filesize
88KB

Download
memory/224-9-0x00000000064E0000-0x0000000006564000-memory.dmp

Filesize
528KB

Download
memory/224-10-0x0000000008D00000-0x0000000008D9C000-memory.dmp

Filesize
624KB

Download
memory/224-12-0x0000000074910000-0x00000000750C0000-memory.dmp

Filesize
7.7MB

Download