Analysis
max time kernel: 64s
max time network: 109s
platform: windows10_x64
resource: win10v200722
submitted: 31-07-2020 13:26
Static task: static1
Behavioral task: behavioral1
  Sample: Shipping Documents.exe
  Resource: win7v200722 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: Shipping Documents.exe
  Resource: win10v200722 (windows10_x64)
  0 signatures, 0 seconds
General
Target: Shipping Documents.exe
Size: 783KB
MD5: e5bde8a869853246fcb3e03f8549745b
SHA1: e615e5d128153806519a2d7e500dc3f15a72aaed
SHA256: ee262364ef33326ce4d145a1bc920ded3750d2d73596c623962080b58084de1d
SHA512: eb646865c32e2882d9ef11f9dd4ccc4c794ffe4e714ecdc7a74d7f738425b0b0e4637a4f5cc9d2a8a5ea1b7ed673eb11656dffcb5e758641b463d5d52ca76536
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
Processes:
  pid   pid_target  process       target process
  3956  728         WerFault.exe  Shipping Documents.exe

Suspicious behavior: EnumeratesProcesses (16 IoCs)
Processes:
  pid   process
  728   Shipping Documents.exe  (3 entries)
  3956  WerFault.exe            (13 entries)

Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes:
  description                pid   process
  Token: SeDebugPrivilege    728   Shipping Documents.exe
  Token: SeRestorePrivilege  3956  WerFault.exe
  Token: SeBackupPrivilege   3956  WerFault.exe
  Token: SeDebugPrivilege    3956  WerFault.exe
Processes
Level 1: C:\Users\Admin\AppData\Local\Temp\Shipping Documents.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Shipping Documents.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
Level 2: C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 728 -s 960
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken