Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

DHL AWB In...__.exe

windows7_x64

10

DHL AWB In...__.exe

windows10_x64

3

Analysis

  • max time kernel
    129s
  • max time network
    102s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    14/07/2020, 13:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe

  • Size

    1.9MB

  • MD5

    29ef05a7b09d8ea9dff23a13a6845b21

  • SHA1

    03c2136b3bf92209f8ee934693c67e208dd5b721

  • SHA256

    e666762b026d8017d202c3bf8f6b32d9a13bff5549735a93611e79b3c1a9ff83

  • SHA512

    a3739b7c7f085d827db7f0214566967cb734264bbf025820d96786cf8be8ec63aa6eab2eb3590be4177b6f0e41817fd47ea57e75dac5b59499c2fa4e7466b8a5

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe
    "C:\Users\Admin\AppData\Local\Temp\DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe"
    1⤵
      PID:1508
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 912
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious behavior: EnumeratesProcesses
        PID:2780

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2780-0-0x0000000004F60000-0x0000000004F61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2780-1-0x0000000004F60000-0x0000000004F61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2780-4-0x0000000005590000-0x0000000005591000-memory.dmp

      Filesize

      4KB

      Download