Analysis

  • max time kernel
    130s
  • max time network
    23s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-ja
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-ja, locale:ja-jp, os:windows10-2004-x64, system:windows
  • submitted
    10-06-2024 00:45

General

  • Target
    Shipping Documents PONBOM01577/Shipping Documents PONBOM01577.xlsx.exe
  • Size
    390KB
  • MD5
    9ad1097ef6d23a86d4b9327e54fdc9bc
  • SHA1
    517d09c1d755f08f3c5bf073d87185a801b68907
  • SHA256
    df9e1f7fa8d1badaa7afd42cc3aac4ef5aad3a9973ee71059599325284566e67
  • SHA512
    1ea9293a6931e191b1c63537fc5ea003e8ae98d53242a711769052bf9ba1976def2bb5f7894f85a0da087c0a4354a68474268da77d8438cfbb0a04299df7c955
  • SSDEEP
    6144:nG8/Pl5W2KYbjOrq1NijSchoiEC8IjhJwJpNhCF5qGI3f2nwf0F4eQhrt/bcnAI:n2rgijP7EHEsvNhC7IfBbhrt4T

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Shipping Documents PONBOM01577\Shipping Documents PONBOM01577.xlsx.exe
    "C:\Users\Admin\AppData\Local\Temp\Shipping Documents PONBOM01577\Shipping Documents PONBOM01577.xlsx.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3900
    • C:\Users\Admin\AppData\Local\Temp\Shipping Documents PONBOM01577\Shipping Documents PONBOM01577.xlsx.exe
      "C:\Users\Admin\AppData\Local\Temp\Shipping Documents PONBOM01577\Shipping Documents PONBOM01577.xlsx.exe"
      2⤵
      PID:548
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 80
        3⤵
        • Program crash
        PID:3164
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 548 -ip 548
    1⤵
    PID:4772
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=ja --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5300 --field-trial-handle=2004,i,11353352523309642653,12819563506260093491,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:1140

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3900-0-0x000000007478E000-0x000000007478F000-memory.dmp
    Filesize: 4KB
  • memory/3900-1-0x0000000000C40000-0x0000000000CA6000-memory.dmp
    Filesize: 408KB
  • memory/3900-2-0x0000000074780000-0x0000000074F30000-memory.dmp
    Filesize: 7.7MB
  • memory/3900-5-0x0000000074780000-0x0000000074F30000-memory.dmp
    Filesize: 7.7MB
  • memory/3900-6-0x0000000074780000-0x0000000074F30000-memory.dmp
    Filesize: 7.7MB