Analysis
- max time kernel: 118s
- max time network: 123s
- platform: windows10_x64
- resource: win10
- submitted: 30-06-2020 13:36
Static task: static1
Behavioral task: behavioral1
- Sample: CONSIGNEE BL. NO GLNL20063871.exe
- Resource: win7v200430, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: CONSIGNEE BL. NO GLNL20063871.exe
- Resource: win10, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: CONSIGNEE BL. NO GLNL20063871.exe
- Size: 392KB
- MD5: eafb5ecce79a78ff6f61de7830e3c492
- SHA1: f6d454e65aabcf2ee7c13eb01b776e2d557bf30f
- SHA256: 841418cdd1e9639a6a192eb8f9fd9881f042f49a7cb2bd3463a8a6964a424b50
- SHA512: 99a64b81a8dbe8ae3a2f2601111fbf52f94cf496d4475b2635862ae6473a81e8d1faa5b69b941d0d0e0c361b2a39ea731033143c6cdad45ac8c6295381e5ca35
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes:
WerFault.exe

| pid | pid_target | process | target process |
| --- | --- | --- | --- |
| 3512 | 3916 | WerFault.exe | CONSIGNEE BL. NO GLNL20063871.exe |

Suspicious behavior: EnumeratesProcesses (13 IoCs)
Processes:
WerFault.exe

| pid | process |
| --- | --- |
| 3512 | WerFault.exe |
| 3512 | WerFault.exe |
| 3512 | WerFault.exe |
| 3512 | WerFault.exe |
| 3512 | WerFault.exe |
| 3512 | WerFault.exe |
| 3512 | WerFault.exe |
| 3512 | WerFault.exe |
| 3512 | WerFault.exe |
| 3512 | WerFault.exe |
| 3512 | WerFault.exe |
| 3512 | WerFault.exe |
| 3512 | WerFault.exe |

Suspicious use of AdjustPrivilegeToken (3 IoCs)
Processes:
WerFault.exe

| description | pid | process |
| --- | --- | --- |
| Token: SeRestorePrivilege | 3512 | WerFault.exe |
| Token: SeBackupPrivilege | 3512 | WerFault.exe |
| Token: SeDebugPrivilege | 3512 | WerFault.exe |

Processes
- 1: C:\Users\Admin\AppData\Local\Temp\CONSIGNEE BL. NO GLNL20063871.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\CONSIGNEE BL. NO GLNL20063871.exe"
- 2: C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 896
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken