Analysis
max time kernel: 147s
max time network: 152s
platform: windows10_x64
resource: win10
submitted: 07-07-2020 13:23
Static task
static1
Behavioral task
behavioral1
Sample
Contract.pdf.exe
Resource
win7v200430
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Contract.pdf.exe
Resource
win10
windows10_x64
0 signatures
0 seconds
General
Target: Contract.pdf.exe
Size: 332KB
MD5: dd03071b4a17130fcff4f9fb5b4fd533
SHA1: 8a038e1ed5dcede0207e2267890a7dc9393d28ef
SHA256: 404f2420708cee39bb4f5c17d735a5c24a9d71efa5dc74aaedb434ff5254e72c
SHA512: 6f94f89dda5c2e6bca2a61219cfa30631751c3dce73c375b9515fb2493ae5709be18ba23f0eb9b06cd6e2a30af50e2dbd6326c06305569bb64a75aca3f736c8e
Score
3/10
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes: Contract.pdf.exe, WerFault.exe
description | pid | process
Token: SeDebugPrivilege | 720 | Contract.pdf.exe
Token: SeRestorePrivilege | 3572 | WerFault.exe
Token: SeBackupPrivilege | 3572 | WerFault.exe
Token: SeDebugPrivilege | 3572 | WerFault.exe
Suspicious behavior: EnumeratesProcesses 15 IoCs
Processes: Contract.pdf.exe, WerFault.exe
pid | process
720 | Contract.pdf.exe
3572 | WerFault.exe
3572 | WerFault.exe
3572 | WerFault.exe
3572 | WerFault.exe
3572 | WerFault.exe
3572 | WerFault.exe
3572 | WerFault.exe
3572 | WerFault.exe
3572 | WerFault.exe
3572 | WerFault.exe
3572 | WerFault.exe
3572 | WerFault.exe
3572 | WerFault.exe
3572 | WerFault.exe
Program crash 1 IoCs
Processes: WerFault.exe
pid | pid_target | process | target process
3572 | 720 | WerFault.exe | Contract.pdf.exe
Processes
C:\Users\Admin\AppData\Local\Temp\Contract.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\Contract.pdf.exe"
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:720
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 720 -s 940
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  - Program crash
  PID:3572