Analysis
max time kernel: 135s
max time network: 136s
platform: windows10_x64
resource: win10
submitted: 07-07-2020 09:49
Static task: static1

Behavioral task: behavioral1
  Sample: Remittance Advice Copy.pdf.exe
  Resource: win7v200430 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: Remittance Advice Copy.pdf.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General
Target: Remittance Advice Copy.pdf.exe
Size: 407KB
MD5: 6b5336f1d7c2b76f1ef01955efb37319
SHA1: fdf5963190fcb5e95bd72a321974c76bf3c3097b
SHA256: a5d81b3d4d0df91d286ae0f3db7d166ecd013e8c53d1677be5b149edb9d15d42
SHA512: c8868b27013cef64d7e6ac0d42853f8a812abc998d6af4b41ad871735b9c48d85ad2da510ebcf3fb3af2e06a20afacb242fd2470d0e406d4304e5ef3beb3afdd
Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
Processes:
  pid   pid_target   process        target process
  3500  3060         WerFault.exe   Remittance Advice Copy.pdf.exe

Suspicious use of AdjustPrivilegeToken (3 IoCs)
Processes:
  description                 pid   process
  Token: SeRestorePrivilege   3500  WerFault.exe
  Token: SeBackupPrivilege    3500  WerFault.exe
  Token: SeDebugPrivilege     3500  WerFault.exe

Suspicious behavior: EnumeratesProcesses (13 IoCs)
Processes:
  pid   process
  3500  WerFault.exe  (13 identical entries)
Processes

C:\Users\Admin\AppData\Local\Temp\Remittance Advice Copy.pdf.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Remittance Advice Copy.pdf.exe"
  PID: 3060

  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 1128
    PID: 3500
    Signatures:
      Program crash
      Suspicious use of AdjustPrivilegeToken
      Suspicious behavior: EnumeratesProcesses