Analysis
  max time kernel:   118s
  max time network:  123s
  platform:          windows10_x64
  resource:          win10
  submitted:         31-07-2020 13:45
Static task: static1

Behavioral task: behavioral1
  Sample:    PAYMENT ADVICE.pdf.exe
  Resource:  win7v200722 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample:    PAYMENT ADVICE.pdf.exe
  Resource:  win10 (windows10_x64)
  0 signatures, 0 seconds
General
  Target:  PAYMENT ADVICE.pdf.exe
  Size:    394KB
  MD5:     1275d29213c2580894371739beb16148
  SHA1:    5591bfdbad8f70d177b2889f0242d858fafc7750
  SHA256:  20e1f222ebae73bc71db60552d3733124fc5a2ce835ca2dde406c34217e6a061
  SHA512:  341ca5b3cc511f01abbc671d973c83e3673ad1dd605b70771182b0c894d1979fb73259fec99e95d24205be87e1fb0ecd77bf1d3b9cfacd378ff794fe69c39280
  Score:   3/10
Malware Config
Signatures
Program crash (1 IoC)
  Processes:
    pid   pid_target  process       target process
    3892  3104        WerFault.exe  PAYMENT ADVICE.pdf.exe

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes:
    description                 pid   process
    Token: SeRestorePrivilege   3892  WerFault.exe
    Token: SeBackupPrivilege    3892  WerFault.exe
    Token: SeDebugPrivilege     3892  WerFault.exe

Suspicious behavior: EnumeratesProcesses (13 IoCs)
  Processes:
    pid   process
    3892  WerFault.exe  (13 occurrences)
Processes
  C:\Users\Admin\AppData\Local\Temp\PAYMENT ADVICE.pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\PAYMENT ADVICE.pdf.exe"
    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 1172
      - Program crash
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious behavior: EnumeratesProcesses