Analysis
- max time kernel: 77s
- max time network: 120s
- platform: windows10_x64
- resource: win10
- submitted: 30-06-2020 08:52
Static task: static1

Behavioral task: behavioral1
- Sample: SHIPMENT RECEIPT.exe
- Resource: win7 (windows7_x64)
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: SHIPMENT RECEIPT.exe
- Resource: win10 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: SHIPMENT RECEIPT.exe
- Size: 901KB
- MD5: 8cb3c6e7b7287e1f31065550d42af32d
- SHA1: 8cd137ee856179155f99996684fd772124128a87
- SHA256: b464e356f98cb514fa9b6131c3af6b27099dddaf1b6ca50ae7bae783beb02af0
- SHA512: b0af1fddf587bf594733b72023804bff994191d5dabab5e5877f33ea0a680632daa570da6f0dcec4476541f3a682e1e94ff0d469218af22eec5517a8a63d8253
- Score: 3/10
Malware Config
(none extracted)

Signatures
- Program crash (1 IoC)
  Processes:
  pid  | pid_target | process      | target process
  3856 | 3100       | WerFault.exe | SHIPMENT RECEIPT.exe
- Suspicious behavior: EnumeratesProcesses (15 IoCs)
  Processes:
  pid  | process
  3100 | SHIPMENT RECEIPT.exe
  3856 | WerFault.exe (14 entries)
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  Processes:
  description               | pid  | process
  Token: SeDebugPrivilege   | 3100 | SHIPMENT RECEIPT.exe
  Token: SeRestorePrivilege | 3856 | WerFault.exe
  Token: SeBackupPrivilege  | 3856 | WerFault.exe
  Token: SeDebugPrivilege   | 3856 | WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\SHIPMENT RECEIPT.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\SHIPMENT RECEIPT.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - C:\Windows\SysWOW64\WerFault.exe (depth 2, child of the above)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 924
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken