Analysis
max time kernel: 68s
max time network: 118s
platform: windows10_x64
resource: win10
submitted: 09-07-2020 07:49
Static task: static1
Behavioral task: behavioral1
  Sample: shipmt. docs.exe
  Resource: win7v200430 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: shipmt. docs.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General
Target: shipmt. docs.exe
Size: 673KB
MD5: 082a5aabb74c2af499c403dc666e160b
SHA1: 3db0f86f3482308fe7aa28849367c87bb0fbab05
SHA256: 4f7d098eae6da6be33eac760b42706400f38c821e26fa688a01a9a9fcbc3063c
SHA512: f047ec5778f55735e43b9b2d11a06bae2aa28611df580a84ded75f306d8b58718775f8ecec235cd450c2e4a39a86214864e57290ac887e3fc3f3f7144b200dd1
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  3952  3868        WerFault.exe  66
Suspicious behavior: EnumeratesProcesses (14 IoCs)
  pid   Process
  3868  shipmt. docs.exe
  3952  WerFault.exe (13 entries)
Suspicious use of AdjustPrivilegeToken (4 IoCs)
  description                pid   Process
  Token: SeDebugPrivilege    3868  shipmt. docs.exe
  Token: SeRestorePrivilege  3952  WerFault.exe
  Token: SeBackupPrivilege   3952  WerFault.exe
  Token: SeDebugPrivilege    3952  WerFault.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\shipmt. docs.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\shipmt. docs.exe"
   PID: 3868
   Signatures: Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
   2. C:\Windows\SysWOW64\WerFault.exe (child of PID 3868)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 1128
      PID: 3952
      Signatures: Program crash; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
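The check a practitioner wants to make on a report like this: WerFault.exe was started with -p 3868, so the sample itself crashed, and the SysWOW64 copy of WerFault was used, so the sample is a 32-bit process; a 3/10 score after an early crash means little behaviour was observed, not that the file is clean. The Python below is an added example written for this page (not the sandbox vendor's code) that parses the WerFault command line, attributes the crash to the faulting PID, cross-checks it against the parent PID, and separates the sample's own SeDebugPrivilege request from WerFault's routine one. The event records are constructed by hand from the Processes and Signatures sections above; the record fields (pid, ppid, image, cmdline, privileges) are an assumed layout, not a sandbox export format.

```python
"""Triage helper: attribute a WerFault.exe crash report to the faulting
process and summarise what each PID in the report did.

Added example for this report page; not the sandbox's own code. The
EVENTS list is constructed by hand from the report (PIDs 3868 and 3952);
the field layout is an assumption, not an export format.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class ProcEvent:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str
    privileges: List[str] = field(default_factory=list)


# Constructed from the report: the sample, and the WerFault it spawned.
EVENTS = [
    ProcEvent(3868, None, r"C:\Users\Admin\AppData\Local\Temp\shipmt. docs.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\shipmt. docs.exe"',
              ["SeDebugPrivilege"]),
    ProcEvent(3952, 3868, r"C:\Windows\SysWOW64\WerFault.exe",
              r"C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 1128",
              ["SeRestorePrivilege", "SeBackupPrivilege", "SeDebugPrivilege"]),
]

# -p <pid> names the faulting process; -s <n> is a handle value WerFault uses
# to talk to that process and is kept only for reference.
WERFAULT_RE = re.compile(r"\\WerFault\.exe\b.*?-p\s+(\d+)(?:.*?-s\s+(\d+))?", re.I)


def parse_werfault(cmdline):
    """Return (faulting_pid, handle, is_wow64) for a WerFault command line, else None."""
    m = WERFAULT_RE.search(cmdline)
    if not m:
        return None
    faulting = int(m.group(1))
    handle = int(m.group(2)) if m.group(2) else None
    # The SysWOW64 copy of WerFault is launched for 32-bit (WoW64) processes.
    wow64 = "syswow64" in cmdline.lower()
    return faulting, handle, wow64


def crash_attribution(events):
    """Map each WerFault PID to the process it is reporting on.

    WerFault is normally spawned by the faulting process itself, so the -p
    value and the recorded parent PID should agree; a mismatch deserves a
    second look (one process reporting a crash in another).
    """
    by_pid = {e.pid: e for e in events}
    result = {}
    for e in events:
        parsed = parse_werfault(e.cmdline)
        if parsed is None:
            continue
        target_pid, handle, wow64 = parsed
        target = by_pid.get(target_pid)
        result[e.pid] = {
            "faulting_pid": target_pid,
            "faulting_image": target.image if target else None,
            "parent_matches_target": e.ppid == target_pid,
            "wow64": wow64,
            "handle": handle,
        }
    return result


def privilege_findings(events):
    """PIDs that enabled SeDebugPrivilege, excluding WerFault, which enables
    it routinely (with SeBackup/SeRestore) when it opens the faulting process
    to write a dump. A sample asking for it is the finding worth keeping."""
    return [(e.pid, e.image) for e in events
            if "SeDebugPrivilege" in e.privileges
            and not e.image.lower().endswith("werfault.exe")]


def triage_summary(events):
    crashes = crash_attribution(events)
    return {
        "crashed": sorted({c["faulting_pid"] for c in crashes.values()}),
        "debug_privilege": privilege_findings(events),
        "wow64_crash": any(c["wow64"] for c in crashes.values()),
    }


if __name__ == "__main__":
    for wer_pid, info in crash_attribution(EVENTS).items():
        print(f"WerFault {wer_pid}: crash in pid {info['faulting_pid']} "
              f"({info['faulting_image']}), wow64={info['wow64']}, "
              f"parent_matches={info['parent_matches_target']}")
    print(triage_summary(EVENTS))
```

On this report the summary is: PID 3868 crashed, the crash is a WoW64 one, and the only non-WerFault process that requested SeDebugPrivilege is the sample itself. That is the full list of what the sandbox saw before the process died, which is why the low score should be read as "no observed behaviour" rather than "benign".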