Analysis

max time kernel: 70s
max time network: 110s
platform: windows10_x64
resource: win10
submitted: 08-07-2020 07:17

Static task: static1

Behavioral task: behavioral1
  Sample: DHL AWB #7849402748,pdf.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: DHL AWB #7849402748,pdf.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds

General

Target: DHL AWB #7849402748,pdf.exe
Size: 5.6MB
MD5: 9a099cecae30cc98f819f1724c2f2a82
SHA1: e4c1308358cf300d092d2d0a9927180890ec951f
SHA256: b0b358f5e0f4bfb12abe5066a9083f881c3b9c501029d9ce45416d36eb2e866c
SHA512: caa53a4c53ee9645a29a11d4c37a7af9fa4e456a49581d4616c8520f0fe2db9c5c66e2353ced397c322c3bdf4a284981f49b17601bea27e2345b567b8774a0d7
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes:
    pid   pid_target  process       target process
    3860  2892        WerFault.exe  DHL AWB #7849402748,pdf.exe

- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes:
    pid   process
    2892  DHL AWB #7849402748,pdf.exe
    3860  WerFault.exe  (13 identical entries)

- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  Processes:
    description                pid   process
    Token: SeDebugPrivilege    2892  DHL AWB #7849402748,pdf.exe
    Token: SeRestorePrivilege  3860  WerFault.exe
    Token: SeBackupPrivilege   3860  WerFault.exe
    Token: SeDebugPrivilege    3860  WerFault.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\DHL AWB #7849402748,pdf.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\DHL AWB #7849402748,pdf.exe"
   PID: 2892
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken

   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 948
      PID: 3860
      - Program crash
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
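The process tree and token events above are enough to run a few triage checks that the report's score does not make explicit: the lure-style double extension in the target name, the correlation between WerFault.exe's -p argument and the crashed process (the report's "Program crash" row confirms 2892 is that target), and the fact that the sample itself enabled SeDebugPrivilege before it crashed. The following is an added example, not part of the sandbox report or its tooling; the process records and privilege events are transcribed from the report, and the inference that a WerFault.exe running from SysWOW64 was handling a 32-bit crasher is an assumption stated in the code.

```python
"""Triage checks over the sandbox process tree and token events shown above.

Added example, not part of the sandbox report. Records are transcribed from
the report; the checks are what an analyst runs before trusting a low score.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Proc:
    pid: int
    path: str
    cmdline: str
    parent: Optional[int] = None


# Transcribed from the report's "Processes" section (constructed records).
PROCESSES: List[Proc] = [
    Proc(2892,
         r"C:\Users\Admin\AppData\Local\Temp\DHL AWB #7849402748,pdf.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\DHL AWB #7849402748,pdf.exe"'),
    Proc(3860,
         r"C:\Windows\SysWOW64\WerFault.exe",
         r"C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 948",
         parent=2892),
]

# Transcribed from the "Suspicious use of AdjustPrivilegeToken" signature.
TOKEN_EVENTS: List[Tuple[int, str]] = [
    (2892, "SeDebugPrivilege"),
    (3860, "SeRestorePrivilege"),
    (3860, "SeBackupPrivilege"),
    (3860, "SeDebugPrivilege"),
]

# A document-looking extension immediately before a real executable extension,
# separated by ".", ",", "_", "-" or a space, as in "...,pdf.exe".
_DISGUISE = re.compile(
    r"[.,_\- ](pdf|doc|docx|xls|xlsx|ppt|pptx|txt|jpg|png)\.(exe|scr|com|pif)$",
    re.IGNORECASE,
)
# WerFault.exe names the crashing process with "-p <pid>"; the report's
# "Program crash" row confirms 2892 is that target for this run.
_WERFAULT_PID = re.compile(r"(?:^|\s)-p\s+(\d+)(?:\s|$)")


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def is_disguised_document(name: str) -> bool:
    """True for lure names such as 'invoice,pdf.exe' or 'scan.doc.scr'."""
    return _DISGUISE.search(basename(name)) is not None


def werfault_target(cmdline: str) -> Optional[int]:
    """PID from WerFault's -p argument, or None if this is not a WerFault line."""
    if "werfault.exe" not in cmdline.lower():
        return None
    m = _WERFAULT_PID.search(cmdline)
    return int(m.group(1)) if m else None


def crashed_processes(procs: List[Proc]) -> Dict[int, int]:
    """Map each crashed PID to the WerFault PID that reported it."""
    out: Dict[int, int] = {}
    for p in procs:
        target = werfault_target(p.cmdline)
        if target is not None:
            out[target] = p.pid
    return out


def triage(procs: List[Proc], token_events: List[Tuple[int, str]]) -> List[str]:
    by_pid = {p.pid: p for p in procs}
    crashes = crashed_processes(procs)
    findings: List[str] = []
    for p in procs:
        name = basename(p.path)
        if is_disguised_document(name):
            findings.append(f"pid {p.pid}: '{name}' uses a document-style double extension")
    for target, wer in crashes.items():
        # Assumption: the SysWOW64 copy of WerFault handles 32-bit crashers on x64 Windows.
        bits = "32-bit (WoW64)" if "\\syswow64\\" in by_pid[wer].path.lower() else "64-bit"
        tname = basename(by_pid[target].path) if target in by_pid else "?"
        findings.append(
            f"pid {target}: '{tname}' crashed, reported by WerFault pid {wer}; target was {bits}")
    for pid, priv in token_events:
        if pid in crashes.values():
            continue  # WerFault itself enables Backup/Restore/Debug to dump the target; expected
        if priv == "SeDebugPrivilege":
            when = " before crashing" if pid in crashes else ""
            findings.append(f"pid {pid}: enabled {priv}{when}")
    return findings


if __name__ == "__main__":
    for line in triage(PROCESSES, TOKEN_EVENTS):
        print(line)
```

On this report's data the checks yield three findings: the double-extension lure name, a 32-bit process that crashed within 70s of kernel time, and SeDebugPrivilege enabled by the sample before the crash. A 3/10 score built on a crash is therefore a statement about this run, not about the file: the win7 task recorded no signatures at all, and nothing on the page shows what the sample would have done had it survived, so the usual follow-up is a re-run with a longer timeout and on the other OS image before treating the low score as a verdict.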