Overview

overview

10

Static

static

DHL EXPRES...45.exe

windows7_x64

10

DHL EXPRES...45.exe

windows10_x64

3

Analysis

  • max time kernel
    74s
  • max time network
    113s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    09-07-2020 13:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DHL EXPRESS 564564645.exe

  • Size

    528KB

  • MD5

    32662db2df40ad788457a09784d46990

  • SHA1

    35b93e270343da6cc59ebbc798ebb84cf0b02ffe

  • SHA256

    c954915c636007a0b56fc62a07d5cecd336db2e938826c5fee24c61457694229

  • SHA512

    85836ca9b7454e4c5a35bc058dfe30456f89a607c7611217e2622bf79c4255804db1649bc0836cb5a3e041fb4f99060bfa004eddf2344ae1ce79b5bf4a202945

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DHL EXPRESS 564564645.exe
    "C:\Users\Admin\AppData\Local\Temp\DHL EXPRESS 564564645.exe"
    1⤵
      PID:2896
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 1136
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3816

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3816-0-0x0000000004370000-0x0000000004371000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3816-2-0x0000000004AB0000-0x0000000004AB1000-memory.dmp

      Filesize

      4KB

      Download