Analysis
  max time kernel:  136s
  max time network: 104s
  platform:         windows10_x64
  resource:         win10v200430
  submitted:        16-07-2020 06:44
Static task
  static1

Behavioral task
  behavioral1
  Sample:   Please confirm your shipment address.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task
  behavioral2
  Sample:   Please confirm your shipment address.exe
  Resource: win10v200430 (windows10_x64)
  0 signatures, 0 seconds
General
  Target: Please confirm your shipment address.exe
  Size:   1.1MB
  MD5:    fd67f2468786ab7a02d00e3abe4ed5ac
  SHA1:   6f2119bdfea341acce131f9dab6479b68fb622cd
  SHA256: 1bd7fcf59176999d49faee562f699d840b4c1dd697055fa66e6a52c0846a9b42
  SHA512: 714653f371643e86a4ab80e8183167409bc8e65b5386e87ca3fc3e6b6a96a822d27aca58dc2e4231ebf87ea75bd48eeadc0e4357fbdd31279ec6295a7275c7a4
  Score:  3/10
Malware Config
Signatures

Note: every signature below is attributed to PID 2784, WerFault.exe, the Windows Error Reporting process that was started to report the crash of the sample (PID 3848, see pid_target and the -p argument in the process tree). No signature is attributed to the sample process itself, which is consistent with the low score: the sample crashed rather than exhibiting behaviour of its own. Process enumeration and the SeDebugPrivilege/SeBackupPrivilege/SeRestorePrivilege adjustments are what the crash handler does to collect a dump, not evidence of the sample's intent.

Program crash (1 IoC)
  pid    pid_target   Process        procid_target
  2784   3848         WerFault.exe   65

Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid    Process
  2784   WerFault.exe   (13 occurrences)

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                 pid    Process
  Token: SeRestorePrivilege   2784   WerFault.exe
  Token: SeBackupPrivilege    2784   WerFault.exe
  Token: SeDebugPrivilege     2784   WerFault.exe
Processes
  1. C:\Users\Admin\AppData\Local\Temp\Please confirm your shipment address.exe
     Command line: "C:\Users\Admin\AppData\Local\Temp\Please confirm your shipment address.exe"
     PID: 3848

     2. C:\Windows\SysWOW64\WerFault.exe
        Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 944
        PID: 2784
        - Program crash
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of AdjustPrivilegeToken
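The process tree above is the kind of result an analyst should re-attribute before trusting the signature list: when WerFault.exe is the only process that fires signatures, and its -p argument names the sample's PID, the hits describe the crash handler collecting a dump, not the sample. The script below is an added example written for this page, not code from the sandbox vendor or from the report. It rebuilds the page's process tree and signature hits as constructed records, maps each WerFault.exe instance to the PID it was launched for (relying on the documented meaning of WerFault's -p switch, the faulting process ID), and splits the hits into sample-attributed and crash-handler-attributed sets. The record field names and the verdict strings are this script's own assumptions.

```python
import re

# Process records reconstructed from the report's process tree (constructed input;
# the "pid"/"image"/"cmdline"/"depth" field names are this script's own).
PROCESSES = [
    {
        "pid": 3848,
        "image": r"C:\Users\Admin\AppData\Local\Temp\Please confirm your shipment address.exe",
        "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\Please confirm your shipment address.exe"',
        "depth": 1,
    },
    {
        "pid": 2784,
        "image": r"C:\Windows\SysWOW64\WerFault.exe",
        "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 944",
        "depth": 2,
    },
]

# Signature hits as (signature name, pid) pairs, one entry per IoC in the report:
# 1 crash, 13 EnumeratesProcesses, 3 AdjustPrivilegeToken (Restore/Backup/Debug).
SIGNATURE_HITS = [
    ("Program crash", 2784),
    *[("Suspicious behavior: EnumeratesProcesses", 2784)] * 13,
    ("Suspicious use of AdjustPrivilegeToken", 2784),  # Token: SeRestorePrivilege
    ("Suspicious use of AdjustPrivilegeToken", 2784),  # Token: SeBackupPrivilege
    ("Suspicious use of AdjustPrivilegeToken", 2784),  # Token: SeDebugPrivilege
]

# WerFault.exe -u -p <pid> -s <event>: "-p" is the PID of the faulting process.
WERFAULT_RE = re.compile(r"(?i)\\werfault\.exe\s+.*?-p\s+(\d+)")


def werfault_targets(processes):
    """Map each WerFault.exe PID to the PID it was launched to report on."""
    targets = {}
    for proc in processes:
        match = WERFAULT_RE.search(proc["cmdline"])
        if match:
            targets[proc["pid"]] = int(match.group(1))
    return targets


def attribute_hits(processes, hits):
    """Split hits into (sample_hits, handler_hits).

    A hit is crash-handler noise when its pid is a WerFault.exe instance whose
    -p target is a process present in the tree. handler_hits entries carry the
    crashed PID as a third element so the caller can see what actually crashed.
    """
    targets = werfault_targets(processes)
    known_pids = {proc["pid"] for proc in processes}
    sample_hits, handler_hits = [], []
    for sig, pid in hits:
        if pid in targets and targets[pid] in known_pids:
            handler_hits.append((sig, pid, targets[pid]))
        else:
            sample_hits.append((sig, pid))
    return sample_hits, handler_hits


def triage(processes, hits):
    """Summarise a run: how many hits belong to the sample vs. to WER, and who crashed."""
    sample_hits, handler_hits = attribute_hits(processes, hits)
    crashed_pids = sorted({target for _, _, target in handler_hits})
    if not sample_hits and crashed_pids:
        verdict = "crash-handler noise only; sample crashed before acting"
    else:
        verdict = "sample-attributed behaviour present; review"
    return {
        "sample_hits": len(sample_hits),
        "handler_hits": len(handler_hits),
        "crashed_pids": crashed_pids,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in triage(PROCESSES, SIGNATURE_HITS).items():
        print(f"{key}: {value}")
```

For this report the script attributes all 17 IoCs to WerFault.exe reporting on PID 3848 and none to the sample. That agrees with the 3/10 score, but it also means the run says nothing about what the sample would do on a host where it does not crash; a different OS image, architecture, or missing runtime dependency is the usual next thing to rule out before concluding the file is benign.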