Analysis
- max time kernel: 138s
- max time network: 141s
- platform: windows10_x64
- resource: win10v200430
- submitted: 30-06-2020 05:54
Static task: static1

Behavioral task: behavioral1
- Sample: Receipt.exe
- Resource: win7 (windows7_x64)
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: Receipt.exe
- Resource: win10v200430 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: Receipt.exe
- Size: 5.1MB
- MD5: 4d37240c2a9aab1b8dfd0aee7d418adc
- SHA1: fb684fe749432d7fb74e95a26f6614362c9b26b2
- SHA256: 9013e308218b70c038971d37c9ab446b81108079344e71f25e1d131487657c97
- SHA512: 5e84c6ff15e51d044c68b01b371b94a00d9d3806ff3bb9cad2aa4446f0f14c79cd95228f13601b88b980152eb4c85f9c0a65eed09034489062d68e93afd7d5ea
- Score: 3/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (15 IoCs)
  Processes:
  pid    process
  1740   Receipt.exe
  2128   WerFault.exe (14 entries)
- Program crash (1 IoC)
  Processes:
  pid    pid_target   process        target process
  2128   1740         WerFault.exe   Receipt.exe
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  Processes:
  description                 pid    process
  Token: SeDebugPrivilege     1740   Receipt.exe
  Token: SeRestorePrivilege   2128   WerFault.exe
  Token: SeBackupPrivilege    2128   WerFault.exe
  Token: SeDebugPrivilege     2128   WerFault.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\Receipt.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\Receipt.exe"
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 928
      - Suspicious behavior: EnumeratesProcesses
      - Program crash
      - Suspicious use of AdjustPrivilegeToken