Overview

overview

10

Static

static

SHIPMENT RECEIPT.exe

windows7_x64

10

SHIPMENT RECEIPT.exe

windows10_x64

3

Analysis

  • max time kernel
    77s
  • max time network
    120s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    30-06-2020 08:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SHIPMENT RECEIPT.exe

  • Size

    901KB

  • MD5

    8cb3c6e7b7287e1f31065550d42af32d

  • SHA1

    8cd137ee856179155f99996684fd772124128a87

  • SHA256

    b464e356f98cb514fa9b6131c3af6b27099dddaf1b6ca50ae7bae783beb02af0

  • SHA512

    b0af1fddf587bf594733b72023804bff994191d5dabab5e5877f33ea0a680632daa570da6f0dcec4476541f3a682e1e94ff0d469218af22eec5517a8a63d8253

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SHIPMENT RECEIPT.exe
    "C:\Users\Admin\AppData\Local\Temp\SHIPMENT RECEIPT.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3100
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 924
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3856-0-0x0000000004B40000-0x0000000004B41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3856-1-0x0000000005180000-0x0000000005181000-memory.dmp
    Filesize

    4KB

    Download