Analysis
-
max time kernel
147s -
max time network
101s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
30-06-2020 12:48
Static task
static1
Behavioral task
behavioral1
Sample
Payment Advice 3287326412.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Payment Advice 3287326412.exe
Resource
win10v200430
windows10_x64
0 signatures
0 seconds
General
-
Target
Payment Advice 3287326412.exe
-
Size
418KB
-
MD5
1ffcfdc38c6bbbba2717aa03e062ea11
-
SHA1
352885f4fd51ddea221c057d9ae478819fcaef80
-
SHA256
1aa9ef9f0878b8dc89b3f02d4c051a1d9fcca3af5dd90eb4722876eb841e961d
-
SHA512
717358dcd7a5338c528fc8614c1192b5aee60f34512bca37df9f30cfd8ec5f174724aa6d3d90a5f9be746a97c7de4e40b9a506a421d681cee0d0149d7ad764f0
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2468 3768 WerFault.exe Payment Advice 3287326412.exe -
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
WerFault.exepid process 2468 WerFault.exe 2468 WerFault.exe 2468 WerFault.exe 2468 WerFault.exe 2468 WerFault.exe 2468 WerFault.exe 2468 WerFault.exe 2468 WerFault.exe 2468 WerFault.exe 2468 WerFault.exe 2468 WerFault.exe 2468 WerFault.exe 2468 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exedescription pid process Token: SeRestorePrivilege 2468 WerFault.exe Token: SeBackupPrivilege 2468 WerFault.exe Token: SeDebugPrivilege 2468 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Payment Advice 3287326412.exe"C:\Users\Admin\AppData\Local\Temp\Payment Advice 3287326412.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 8962⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken