Analysis
- max time kernel: 146s
- max time network: 123s
- platform: windows10_x64
- resource: win10v200722
- submitted: 31-07-2020 10:13

Static task: static1
Behavioral task: behavioral1
- Sample: DHL.pdf.exe
- Resource: win7 (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: DHL.pdf.exe
- Resource: win10v200722 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: DHL.pdf.exe
- Size: 685KB
- MD5: 9526795e344ae95e3e3ad193085a8025
- SHA1: 1d455b8a473bde35b562dbf3570aa0ff20f7a59c
- SHA256: 0f5a9f39314690159ba90e6e26e7d2810fcfc1e502d2336bf7cc7872b79b848f
- SHA512: 86fc6115661d399c2e437967f75a94c66b77c14f306eb6ab5d5484abfe5b61ad7d751c402c640cff1d85694a5cdf3ce1c54b52731deb7a368802887cab39c37b
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes (pid, target pid, process, target process):
  3876, 508, WerFault.exe, DHL.pdf.exe
- Suspicious behavior: EnumeratesProcesses (16 IoCs)
  Processes (pid, process, IoC count):
  508, DHL.pdf.exe, 3
  3876, WerFault.exe, 13
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  Processes (description, pid, process):
  Token: SeDebugPrivilege, 508, DHL.pdf.exe
  Token: SeRestorePrivilege, 3876, WerFault.exe
  Token: SeBackupPrivilege, 3876, WerFault.exe
  Token: SeDebugPrivilege, 3876, WerFault.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\DHL.pdf.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\DHL.pdf.exe"
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
2. C:\Windows\SysWOW64\WerFault.exe (child of 1)
   Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1196
   - Program crash
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
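The three signature tables and the process tree above, re-parsed into structured records and cross-checked against each other. This is an added example, not part of the original report and not the sandbox's own tooling. The input strings are the report's own table rows and command lines, copied verbatim; the function names, the finding texts and the reading of WerFault's -s switch as an event handle value are my own assumptions. Only the -p switch is relied on: it names the pid WerFault was started for, which lets the crash row (pid 3876 reporting on pid 508) be corroborated from the command line alone.

```python
"""Re-parse the flattened signature tables and the process tree of the report
above into structured records, then correlate them.

Added example, not part of the original report or of the sandbox's own
tooling. The input strings are copied from the report; the function names
and the finding texts are my own."""
import re
from collections import Counter

# Constructed input: the raw table rows exactly as they appear in the report.
CRASH_ROWS = "3876 508 WerFault.exe DHL.pdf.exe"
ENUM_ROWS = ("508 DHL.pdf.exe " * 3 + "3876 WerFault.exe " * 13).strip()
TOKEN_ROWS = ("Token: SeDebugPrivilege 508 DHL.pdf.exe "
              "Token: SeRestorePrivilege 3876 WerFault.exe "
              "Token: SeBackupPrivilege 3876 WerFault.exe "
              "Token: SeDebugPrivilege 3876 WerFault.exe")
PROCESS_TREE = [  # (tree depth, command line) as shown in the report
    (1, r'"C:\Users\Admin\AppData\Local\Temp\DHL.pdf.exe"'),
    (2, r"C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1196"),
]


def parse_crashes(rows):
    """'pid pid_target process target' rows -> [(pid, target_pid, image, target_image)]."""
    return [(int(p), int(t), img, timg)
            for p, t, img, timg in re.findall(r"(\d+) (\d+) (\S+) (\S+)", rows)]


def count_enumerations(rows):
    """'pid process' rows (one per IoC) -> Counter of IoCs per (pid, image)."""
    return Counter((int(p), img) for p, img in re.findall(r"(\d+) (\S+)", rows))


def parse_tokens(rows):
    """'Token: <privilege> pid process' rows -> {(pid, image): {privileges}}."""
    privs = {}
    for priv, pid, img in re.findall(r"Token: (Se\w+) (\d+) (\S+)", rows):
        privs.setdefault((int(pid), img), set()).add(priv)
    return privs


def werfault_target_pid(cmdline):
    """Pid named by WerFault.exe's -p switch, or None for any other command line.
    -u and -s are ignored; reading -s as an event handle value is an assumption
    and is not needed for the correlation below."""
    m = re.search(r"WerFault\.exe.*?\s-p\s+(\d+)", cmdline, re.IGNORECASE)
    return int(m.group(1)) if m else None


def triage(crash_rows=CRASH_ROWS, enum_rows=ENUM_ROWS,
           token_rows=TOKEN_ROWS, tree=PROCESS_TREE):
    """Return findings that the raw tables do not state directly."""
    findings = []
    crashes = parse_crashes(crash_rows)
    enums = count_enumerations(enum_rows)
    tokens = parse_tokens(token_rows)

    # 1. Does a WerFault command line in the tree name the pid that the crash
    #    table says it reported on? If so the crash row is corroborated.
    for _depth, cmd in tree:
        target = werfault_target_pid(cmd)
        for pid, tpid, img, timg in crashes:
            if target == tpid:
                findings.append(f"{img} (pid {pid}) handled the crash of "
                                f"{timg} (pid {tpid}); -p matches the crash row")

    # 2. Attribute the EnumeratesProcesses IoCs to their processes.
    for (pid, img), n in sorted(enums.items()):
        findings.append(f"{img} (pid {pid}) enumerated processes {n} time(s)")

    # 3. SeDebugPrivilege enabled by the sample itself is the interesting token
    #    change; a crash reporter enabling Backup/Restore/Debug to dump its
    #    target is expected, so WerFault is excluded.
    for (pid, img), privs in sorted(tokens.items()):
        if "SeDebugPrivilege" in privs and img.lower() != "werfault.exe":
            findings.append(f"{img} (pid {pid}) enabled SeDebugPrivilege")
    return findings


if __name__ == "__main__":
    for line in triage():
        print(line)
```

Run stand-alone it prints four findings: the corroborated crash (WerFault pid 3876 for DHL.pdf.exe pid 508), the split of the 16 enumeration IoCs (3 by the sample, 13 by WerFault), and the sample's own SeDebugPrivilege enablement. The same parsers apply to any report in this layout; only the constructed input strings are specific to this sample.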