Analysis

  • max time kernel
    146s
  • max time network
    123s
  • platform
    windows10_x64
  • resource
    win10v200722
  • submitted
    31-07-2020 10:13

General

  • Target

    DHL.pdf.exe

  • Size

    685KB

  • MD5

    9526795e344ae95e3e3ad193085a8025

  • SHA1

    1d455b8a473bde35b562dbf3570aa0ff20f7a59c

  • SHA256

    0f5a9f39314690159ba90e6e26e7d2810fcfc1e502d2336bf7cc7872b79b848f

  • SHA512

    86fc6115661d399c2e437967f75a94c66b77c14f306eb6ab5d5484abfe5b61ad7d751c402c640cff1d85694a5cdf3ce1c54b52731deb7a368802887cab39c37b

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DHL.pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\DHL.pdf.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:508
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1196
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3876

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3876-0-0x0000000004480000-0x0000000004481000-memory.dmp
    Filesize

    4KB

  • memory/3876-2-0x00000000049C0000-0x00000000049C1000-memory.dmp
    Filesize

    4KB