cd759300c8e46a70f35f4242e75b987beb809b89f244d7a7235dc33b868e245f | Triage

Analysis

max time kernel
136s
max time network
100s
platform
windows10_x64
resource
win10v200430
submitted
08/07/2020, 10:23

Sharing

Report Analysis Logs

General

Target

INVOICE_Dubai6778899455.exe
Size

224KB
MD5

de8e255db63ba62ce08aafcada997a76
SHA1

d0c19ad11433c5528e6f4c46a34b271d34cfcef7
SHA256

cd759300c8e46a70f35f4242e75b987beb809b89f244d7a7235dc33b868e245f
SHA512

ff10b8b5d6117f689b8cbf9acb083d353407fadcc3351a5dba6fa44ca6b58967f30ce4bd8da1545fa8fbb6b226b7ed4e93725e5b3b5ef17fbb7539d0122d9d74

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2744	2804	WerFault.exe	65

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	2744	WerFault.exe
Token: SeBackupPrivilege	2744	WerFault.exe
Token: SeDebugPrivilege	2744	WerFault.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\INVOICE_Dubai6778899455.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE_Dubai6778899455.exe"
1⤵
PID:2804
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 936
  2⤵
  - Program crash
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  PID:2744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2744-0-0x00000000042C0000-0x00000000042C1000-memory.dmp

Filesize
4KB

Download
memory/2744-1-0x0000000004A50000-0x0000000004A51000-memory.dmp

Filesize
4KB

Download