Analysis

max time kernel: 134s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20240226-ja
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-ja, locale:ja-jp, os:windows10-2004-x64, system, windows
submitted: 10-06-2024 00:43
Static task: static1

Behavioral task: behavioral1
Sample: Ship Docs YINGHAI-MANE PO 240786/Ship Docs YINGHAI-MANE PO 240786.xlsx.exe
Resource: win7-20240419-ja

Behavioral task: behavioral2
Sample: Ship Docs YINGHAI-MANE PO 240786/Ship Docs YINGHAI-MANE PO 240786.xlsx.exe
Resource: win10v2004-20240226-ja
General

Target: Ship Docs YINGHAI-MANE PO 240786/Ship Docs YINGHAI-MANE PO 240786.xlsx.exe
Size: 390KB
MD5: 9ad1097ef6d23a86d4b9327e54fdc9bc
SHA1: 517d09c1d755f08f3c5bf073d87185a801b68907
SHA256: df9e1f7fa8d1badaa7afd42cc3aac4ef5aad3a9973ee71059599325284566e67
SHA512: 1ea9293a6931e191b1c63537fc5ea003e8ae98d53242a711769052bf9ba1976def2bb5f7894f85a0da087c0a4354a68474268da77d8438cfbb0a04299df7c955
SSDEEP: 6144:nG8/Pl5W2KYbjOrq1NijSchoiEC8IjhJwJpNhCF5qGI3f2nwf0F4eQhrt/bcnAI:n2rgijP7EHEsvNhC7IfBbhrt4T
Malware Config

Signatures

Suspicious use of SetThreadContext (1 IoCs)
Processes:
description | pid | Process | procid_target
PID 4080 set thread context of 4604 | 4080 | Ship Docs YINGHAI-MANE PO 240786.xlsx.exe | 92

Program crash (1 IoCs)
Processes:
pid | pid_target | Process | procid_target
1700 | 4604 | WerFault.exe | 92

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
description | pid | Process | procid_target
PID 4080 wrote to memory of 4604 | 4080 | Ship Docs YINGHAI-MANE PO 240786.xlsx.exe | 92
PID 4080 wrote to memory of 4604 | 4080 | Ship Docs YINGHAI-MANE PO 240786.xlsx.exe | 92
PID 4080 wrote to memory of 4604 | 4080 | Ship Docs YINGHAI-MANE PO 240786.xlsx.exe | 92
PID 4080 wrote to memory of 4604 | 4080 | Ship Docs YINGHAI-MANE PO 240786.xlsx.exe | 92
Processes

C:\Users\Admin\AppData\Local\Temp\Ship Docs YINGHAI-MANE PO 240786\Ship Docs YINGHAI-MANE PO 240786.xlsx.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Ship Docs YINGHAI-MANE PO 240786\Ship Docs YINGHAI-MANE PO 240786.xlsx.exe"
  PID: 4080
  Signatures: Suspicious use of SetThreadContext; Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\Ship Docs YINGHAI-MANE PO 240786\Ship Docs YINGHAI-MANE PO 240786.xlsx.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\Ship Docs YINGHAI-MANE PO 240786\Ship Docs YINGHAI-MANE PO 240786.xlsx.exe"
      PID: 4604
        C:\Windows\SysWOW64\WerFault.exe
          Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 80
          PID: 1700
          Signatures: Program crash

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4604 -ip 4604
  PID: 3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=ja --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6332 --field-trial-handle=2008,i,6187163678980365832,2290078537353632866,262144 --variations-seed-version /prefetch:8
  PID: 1080