Overview

overview

10

Static

static

Original S...ts.exe

windows7_x64

10

Original S...ts.exe

windows10_x64

3

Analysis

  • max time kernel
    151s
  • max time network
    109s
  • platform
    windows10_x64
  • resource
    win10v200722
  • submitted
    31-07-2020 10:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Original Shipping Documents.exe

  • Size

    787KB

  • MD5

    24d470040d22bbff52a8388c96ede9c4

  • SHA1

    a58d9c3007c2316676f0ca1c43eb1da94a8d0aff

  • SHA256

    d1acb47d2f3d3f08def6a48de5ee5cd09cae41a8c0ad42553e83c3c36a98bba0

  • SHA512

    d1aacfc74db02e9c382766287531b00846c8c5c965f156a3df711ddfd94bd00c17ff5f315aad959f4ff04c98fc91d31f482d5be10eaf5ca1099433c5af86f860

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Original Shipping Documents.exe
    "C:\Users\Admin\AppData\Local\Temp\Original Shipping Documents.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4028
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 968
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3780-0-0x0000000004BB0000-0x0000000004BB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3780-2-0x0000000005170000-0x0000000005171000-memory.dmp
    Filesize

    4KB

    Download