e666762b026d8017d202c3bf8f6b32d9a13bff5549735a93611e79b3c1a9ff83

Analysis

Target

DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe
Size

1.9MB
MD5

29ef05a7b09d8ea9dff23a13a6845b21
SHA1

03c2136b3bf92209f8ee934693c67e208dd5b721
SHA256

e666762b026d8017d202c3bf8f6b32d9a13bff5549735a93611e79b3c1a9ff83
SHA512

a3739b7c7f085d827db7f0214566967cb734264bbf025820d96786cf8be8ec63aa6eab2eb3590be4177b6f0e41817fd47ea57e75dac5b59499c2fa4e7466b8a5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3492	2984	WerFault.exe	66

Suspicious use of AdjustPrivilegeToken 3 IoCs

Suspicious behavior: EnumeratesProcesses 13 IoCs

C:\Users\Admin\AppData\Local\Temp\DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe
"C:\Users\Admin\AppData\Local\Temp\DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe"
1⤵
PID:2984
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 904
  2⤵
  - Program crash
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  PID:3492

memory/3492-0-0x0000000004330000-0x0000000004331000-memory.dmp

Filesize
4KB

Download
memory/3492-1-0x0000000004330000-0x0000000004331000-memory.dmp

Filesize
4KB

Download
memory/3492-3-0x0000000004870000-0x0000000004871000-memory.dmp

Filesize
4KB

Download