Analysis
-
max time kernel
142s -
max time network
143s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
20-05-2021 19:15
General
-
Target
PAYMENT ADVISE HSBC INTERNATIONAL_pdf.exe
-
Size
592KB
-
MD5
f228daa5647666d29fd8a3450293867b
-
SHA1
71a0babceaa1cbda858383be9daeac2dd0ab0d21
-
SHA256
0c63172bdfe14f19a76c34ce3d9528761fc2e3b7e39d9a10ad5ee8a64cd79f29
-
SHA512
cf9f75b4752014a56c857957144496565448c6e1ef13b44ee0a84690ae04b7dd7ba5756a890051cd2433513916b6d6b767674482326d7c0fc2bbb2d91c7bcfc6
Score
9/10
Malware Config
Signatures
-
CustAttr .NET packer 1 IoCs
Detects CustAttr .NET packer in memory.
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\PAYMENT ADVISE HSBC INTERNATIONAL_pdf.exe"C:\Users\Admin\AppData\Local\Temp\PAYMENT ADVISE HSBC INTERNATIONAL_pdf.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 11202⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1808-114-0x0000000000920000-0x0000000000921000-memory.dmpFilesize
4KB
-
memory/1808-116-0x00000000051F0000-0x00000000051F1000-memory.dmpFilesize
4KB
-
memory/1808-117-0x0000000005870000-0x0000000005871000-memory.dmpFilesize
4KB
-
memory/1808-118-0x0000000005370000-0x0000000005371000-memory.dmpFilesize
4KB
-
memory/1808-119-0x0000000002D60000-0x0000000002D61000-memory.dmpFilesize
4KB
-
memory/1808-120-0x0000000005470000-0x0000000005471000-memory.dmpFilesize
4KB
-
memory/1808-121-0x0000000005460000-0x0000000005465000-memory.dmpFilesize
20KB
-
memory/1808-122-0x0000000005370000-0x000000000586E000-memory.dmpFilesize
5.0MB