Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-06-2024 13:28

General

  • Target

    Scanned Documents.exe

  • Size

    892KB

  • MD5

    92897efceeadf53315a22b740f20e1e5

  • SHA1

    1fb78617996b7d1d7cd5715620c03a51284b6312

  • SHA256

    5e0b09d1ef168d8efae50bf55632e623cc5bcda27cc27dea384cd90fbef373a4

  • SHA512

    19f88ea4579dce1322a02b969f90a978f25111373509ee281854e158aa877c13857a836ff73206e919babc407e352bc554dda7c4b981aa3cd5caab4bfb4f98fe

  • SSDEEP

    24576:EMYewzKiN5imjB5ZeBeuAZQ8WlFW6OUyayyq7rjBB+:EMYeYN5imjBC07ZQ8iFWsy0q7m

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 52 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3412
    • C:\Users\Admin\AppData\Local\Temp\Scanned Documents.exe
      "C:\Users\Admin\AppData\Local\Temp\Scanned Documents.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:228
      • C:\Users\Admin\AppData\Local\Temp\Scanned Documents.exe
        "C:\Users\Admin\AppData\Local\Temp\Scanned Documents.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:4060
    • C:\Windows\SysWOW64\DWWIN.EXE
      "C:\Windows\SysWOW64\DWWIN.EXE"
      2⤵
      • Suspicious use of SetThreadContext
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:4324
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:4908

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/228-8-0x0000000006540000-0x000000000654E000-memory.dmp (Filesize 56KB)
  • memory/228-2-0x0000000005520000-0x0000000005AC4000-memory.dmp (Filesize 5.6MB)
  • memory/228-9-0x0000000006550000-0x0000000006560000-memory.dmp (Filesize 64KB)
  • memory/228-10-0x00000000065C0000-0x000000000664A000-memory.dmp (Filesize 552KB)
  • memory/228-4-0x0000000005AD0000-0x0000000005E24000-memory.dmp (Filesize 3.3MB)
  • memory/228-5-0x0000000005080000-0x000000000508A000-memory.dmp (Filesize 40KB)
  • memory/228-6-0x0000000074880000-0x0000000075030000-memory.dmp (Filesize 7.7MB)
  • memory/228-7-0x0000000005510000-0x0000000005526000-memory.dmp (Filesize 88KB)
  • memory/228-0-0x000000007488E000-0x000000007488F000-memory.dmp (Filesize 4KB)
  • memory/228-1-0x0000000000450000-0x0000000000530000-memory.dmp (Filesize 896KB)
  • memory/228-3-0x0000000004F70000-0x0000000005002000-memory.dmp (Filesize 584KB)
  • memory/228-11-0x0000000008E00000-0x0000000008E9C000-memory.dmp (Filesize 624KB)
  • memory/228-14-0x0000000074880000-0x0000000075030000-memory.dmp (Filesize 7.7MB)
  • memory/3412-40-0x0000000002AD0000-0x0000000002BE3000-memory.dmp (Filesize 1.1MB)
  • memory/3412-32-0x0000000002AD0000-0x0000000002BE3000-memory.dmp (Filesize 1.1MB)
  • memory/3412-31-0x0000000002AD0000-0x0000000002BE3000-memory.dmp (Filesize 1.1MB)
  • memory/3412-28-0x000000000D3D0000-0x000000000FE5D000-memory.dmp (Filesize 42.6MB)
  • memory/3412-20-0x000000000D3D0000-0x000000000FE5D000-memory.dmp (Filesize 42.6MB)
  • memory/4060-17-0x0000000000400000-0x0000000000442000-memory.dmp (Filesize 264KB)
  • memory/4060-18-0x0000000000400000-0x0000000000442000-memory.dmp (Filesize 264KB)
  • memory/4060-12-0x0000000000400000-0x0000000000442000-memory.dmp (Filesize 264KB)
  • memory/4060-15-0x0000000001AC0000-0x0000000001E0A000-memory.dmp (Filesize 3.3MB)
  • memory/4060-24-0x0000000001A80000-0x0000000001AA0000-memory.dmp (Filesize 128KB)
  • memory/4060-23-0x0000000000400000-0x0000000000442000-memory.dmp (Filesize 264KB)
  • memory/4060-16-0x0000000000400000-0x0000000000442000-memory.dmp (Filesize 264KB)
  • memory/4060-19-0x0000000001A80000-0x0000000001AA0000-memory.dmp (Filesize 128KB)
  • memory/4324-26-0x0000000001200000-0x000000000123F000-memory.dmp (Filesize 252KB)
  • memory/4324-27-0x00000000030F0000-0x000000000318F000-memory.dmp (Filesize 636KB)
  • memory/4324-29-0x0000000001200000-0x000000000123F000-memory.dmp (Filesize 252KB)
  • memory/4324-30-0x00000000030F0000-0x000000000318F000-memory.dmp (Filesize 636KB)
  • memory/4324-25-0x00000000031D0000-0x000000000351A000-memory.dmp (Filesize 3.3MB)
  • memory/4324-22-0x0000000001200000-0x000000000123F000-memory.dmp (Filesize 252KB)
  • memory/4324-21-0x0000000001200000-0x000000000123F000-memory.dmp (Filesize 252KB)
  • memory/4908-39-0x000002CB89D30000-0x000002CB89E1A000-memory.dmp (Filesize 936KB)