Analysis

  • max time kernel
    65s
  • max time network
    117s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    07-07-2020 09:09

General

  • Target

    PO-.414 Order 1.exe

  • Size

    730KB

  • MD5

    7a8db372724522ffa05a45c80a921e31

  • SHA1

    e6b2e799307a98d3c20d74e0e149bb600a7a600f

  • SHA256

    7b6327de8bc2bfeb87efeb5d5846824813caca6bba489ac19fa4c0e72b144b60

  • SHA512

    e6100eae64112f2c61bbe37b0cdfe367e16d6e1566e30da6b5c215f06445ca462a39969d9bd0b60adaa7f0bfcf5cfd4018e5bb62ed562838478465760f2a86cb

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PO-.414 Order 1.exe
    "C:\Users\Admin\AppData\Local\Temp\PO-.414 Order 1.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2532
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 936
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4028

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4028-0-0x0000000004D30000-0x0000000004D31000-memory.dmp

    Filesize

    4KB

  • memory/4028-1-0x0000000005470000-0x0000000005471000-memory.dmp

    Filesize

    4KB