Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10_x64
- resource: win10
- submitted: 30-06-2020 05:25
Static task: static1
Behavioral task: behavioral1
- Sample: Consignment Details.exe
- Resource: win7v200430 (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: Consignment Details.exe
- Resource: win10 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: Consignment Details.exe
- Size: 272KB
- MD5: 45f737c6d7e5c4f0875fde62b51f1662
- SHA1: cdd82088b560caa55e17dd4714a5ffc394ec0db9
- SHA256: f22d7dc547bfce01ab9f42f71a1ac6e4d0c164187a886d43861b49015520cbd9
- SHA512: 168a3d7831a1543df92d7bb686ea7587e49d182be180c9bc329e65e8df2227c7da6a4a0ef6e9052ec8a05975356fd167a1340122cc936ba23a59688eb013ad0a
Score
3/10
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  Processes: Consignment Details.exe, WerFault.exe
  description | pid | process
  Token: SeDebugPrivilege | 792 | Consignment Details.exe
  Token: SeRestorePrivilege | 3688 | WerFault.exe
  Token: SeBackupPrivilege | 3688 | WerFault.exe
  Token: SeDebugPrivilege | 3688 | WerFault.exe
- Suspicious behavior: EnumeratesProcesses (15 IoCs)
  Processes: Consignment Details.exe, WerFault.exe
  pid | process
  792 | Consignment Details.exe
  3688 | WerFault.exe
  3688 | WerFault.exe
  3688 | WerFault.exe
  3688 | WerFault.exe
  3688 | WerFault.exe
  3688 | WerFault.exe
  3688 | WerFault.exe
  3688 | WerFault.exe
  3688 | WerFault.exe
  3688 | WerFault.exe
  3688 | WerFault.exe
  3688 | WerFault.exe
  3688 | WerFault.exe
  3688 | WerFault.exe
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid | pid_target | process | target process
  3688 | 792 | WerFault.exe | Consignment Details.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Consignment Details.exe
  "C:\Users\Admin\AppData\Local\Temp\Consignment Details.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 928
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses
    - Program crash