Analysis
max time kernel: 129s
max time network: 93s
platform: windows10_x64
resource: win10v200430
submitted: 10-07-2020 18:01
Static task: static1
Behavioral task: behavioral1
  Sample: Payment Note.jpg.bat.exe
  Resource: win7
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: Payment Note.jpg.bat.exe
  Resource: win10v200430
  0 signatures, 0 seconds
General
Target: Payment Note.jpg.bat.exe
Size: 3.5MB
MD5: 0a58823cf240ad64edd991a378a3190d
SHA1: 37f333ef38ec5b0befea8082ee5f915ede76f9a6
SHA256: 1676e36eec12118ae10d1f090b6bf269d3f3c3ff771ecb0422231946415b2b13
SHA512: 5b0713b9b07f0fb6cd7f26fc154b85cd9ba66a7cc5223d8181e07dc2018addd45dbea243fff155c0d20d20f6013301e0938ffa638974402522d023bcfb650134
Score: 3/10
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes:
  description               pid   process
  Token: SeDebugPrivilege   1636  Payment Note.jpg.bat.exe
  Token: SeRestorePrivilege 3760  WerFault.exe
  Token: SeBackupPrivilege  3760  WerFault.exe
  Token: SeDebugPrivilege   3760  WerFault.exe
Suspicious behavior: EnumeratesProcesses (14 IoCs)
Processes:
  pid   process
  1636  Payment Note.jpg.bat.exe
  3760  WerFault.exe (13 occurrences)
Program crash (1 IoC)
Processes:
  pid   pid_target  process       target process
  3760  1636        WerFault.exe  Payment Note.jpg.bat.exe
Processes
C:\Users\Admin\AppData\Local\Temp\Payment Note.jpg.bat.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Payment Note.jpg.bat.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  C:\Windows\SysWOW64\WerFault.exe (child of the process above)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 1284
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses
    - Program crash
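The following Python script is an added triage example, not part of this report or of the sandbox's own tooling. It takes the signature rows and command lines from the report, transcribed by hand as constructed input, and separates what the sample did from what Windows Error Reporting did while dumping it: WerFault.exe (pid 3760) is the crash handler launched for pid 1636, so its SeRestorePrivilege/SeBackupPrivilege/SeDebugPrivilege adjustments and thirteen process enumerations are the handler's normal work, leaving one SeDebugPrivilege request and one enumeration attributable to the sample. It also checks that the -p argument on the WerFault command line names the crashed pid, records that the SysWOW64 copy of WerFault.exe (the one launched for 32-bit processes) handled the crash, and flags the double-extension file name. The lure and executable extension lists are assumptions for illustration, not taken from the report.

```python
"""Triage helper for the signature tables in the report above.

Added example, not part of the original report or of the sandbox's own tooling.
All input rows below are transcribed from the page by hand (constructed input).
"""
from __future__ import annotations

import re
from collections import Counter

# AdjustPrivilegeToken rows from the report: (privilege, pid, process).
TOKEN_ROWS = [
    ("SeDebugPrivilege", 1636, "Payment Note.jpg.bat.exe"),
    ("SeRestorePrivilege", 3760, "WerFault.exe"),
    ("SeBackupPrivilege", 3760, "WerFault.exe"),
    ("SeDebugPrivilege", 3760, "WerFault.exe"),
]
# EnumeratesProcesses rows: one hit for the sample, thirteen for WerFault.exe.
ENUM_ROWS = [(1636, "Payment Note.jpg.bat.exe")] + [(3760, "WerFault.exe")] * 13
# Program crash rows: (reporting WerFault pid, crashed target pid).
CRASH_ROWS = [(3760, 1636)]
COMMAND_LINES = {
    1636: r'"C:\Users\Admin\AppData\Local\Temp\Payment Note.jpg.bat.exe"',
    3760: r"C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 1284",
}

# Assumed extension lists for the masquerade check (illustrative, not from the report).
LURE_TYPES = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "xls", "xlsx", "txt"}
EXEC_TYPES = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "ps1"}

_WERFAULT_PID = re.compile(r"(?:^|\s)-p\s+(\d+)")


def extensions(name: str) -> list[str]:
    """Lower-cased suffix chain of a file name or quoted path: 'a.jpg.bat.exe' -> ['jpg', 'bat', 'exe']."""
    base = name.strip('"').replace("\\", "/").rsplit("/", 1)[-1]
    return [p.lower() for p in base.split(".")[1:]]


def masquerade(name: str) -> dict:
    """Flag a double-extension lure: a benign type claimed before a final executable extension."""
    exts = extensions(name)
    claimed = next((e for e in exts[:-1] if e in LURE_TYPES), None)
    actual = exts[-1] if exts else None
    return {
        "extensions": exts,
        "claimed_type": claimed,
        "actual_type": actual,
        "masquerade": claimed is not None and actual in EXEC_TYPES,
    }


def werfault_target(cmdline: str) -> int | None:
    """PID named by -p on a WerFault.exe command line (WerFault.exe -u -p <pid> -s <event handle>)."""
    m = _WERFAULT_PID.search(cmdline)
    return int(m.group(1)) if m else None


def attribute(token_rows, enum_rows, crash_rows, command_lines) -> dict:
    """Split the IoCs into the sample's own behaviour and the crash handler's.

    Any pid that reports a crash is WerFault.exe acting on the sample; its token
    adjustments and process enumeration are what WER does to write a dump, so they
    are bucketed as crash_handler rather than charged to the sample.
    """
    handler_pids = {wer for wer, _ in crash_rows}

    def bucket(pid: int) -> str:
        return "crash_handler" if pid in handler_pids else "sample"

    privileges = {"sample": set(), "crash_handler": set()}
    for priv, pid, _ in token_rows:
        privileges[bucket(pid)].add(priv)
    enum_counts = Counter(bucket(pid) for pid, _ in enum_rows)

    # Consistency check: the handler's -p argument must name the crashed pid.
    mismatch = [wer for wer, target in crash_rows
                if werfault_target(command_lines.get(wer, "")) != target]
    # The SysWOW64 copy of WerFault.exe is the one launched for 32-bit processes.
    is_32bit = {target: "syswow64" in command_lines.get(wer, "").lower()
                for wer, target in crash_rows}

    return {
        "privileges": privileges,
        "enumerate_processes": dict(enum_counts),
        "crashed_pids": [target for _, target in crash_rows],
        "werfault_pid_mismatch": mismatch,
        "crashed_is_32bit": is_32bit,
    }


def triage() -> dict:
    """Run the checks over the rows transcribed from this report."""
    result = attribute(TOKEN_ROWS, ENUM_ROWS, CRASH_ROWS, COMMAND_LINES)
    result["name"] = masquerade(COMMAND_LINES[1636])
    return result


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

Run as-is it prints the attribution for this report; to reuse it on another report, replace the transcribed rows with that report's signature tables. The bucketing rule is deliberately narrow: only a pid that appears as the reporting process in a crash row is treated as the handler, so a sample that spawns its own WerFault.exe-named process without a crash row would still be charged for its behaviour.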