Analysis

  • max time kernel
    129s
  • max time network
    71s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    30-06-2020 08:48

General

  • Target

    Shipment Documents PL&BL Draft img.exe

  • Size

    591KB

  • MD5

    055ec8209736da7ea8ae8a2dd314feee

  • SHA1

    3af70c9b799a9719b19935c38ec64b4cacbda211

  • SHA256

    1955d466452cd025985e7bfff38c2c02bd9000a50c47d75ac4d9303a726c074e

  • SHA512

    7744bc1058bcdf3682d20af3b5f967eafb52ecf6589fae71446734ff487e63e5157834993f1ad05636204dea70c629601765e356d90e2e25afc9e3141b42ac89

Score
3/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Shipment Documents PL&BL Draft img.exe
    "C:\Users\Admin\AppData\Local\Temp\Shipment Documents PL&BL Draft img.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1492
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 936
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:2028

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2028-0-0x0000000004EF0000-0x0000000004EF1000-memory.dmp
    Filesize

    4KB

  • memory/2028-1-0x0000000005520000-0x0000000005521000-memory.dmp
    Filesize

    4KB