Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    02-12-2021 13:53

General

  • Target

    SHIPPING DOCUMENT & PL.exe

  • Size

    465KB

  • MD5

    d24c7a40d621572c5de0d58ed1faac28

  • SHA1

    1fc2634401142c79be427671382cd3ea99e4c312

  • SHA256

    cdbf59639275f9eac2802feb599b57e8178f5f5170f389d667f359f75c56ecd3

  • SHA512

    65b0f65244ec6a758264aa0f92a33180c164922db18d0d34663cbd14246f2949f77a6e2da0c7d5802fc40628ab3cfc334cb1b0979af061242b7f6f9a746854e2

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SHIPPING DOCUMENT & PL.exe
    "C:\Users\Admin\AppData\Local\Temp\SHIPPING DOCUMENT & PL.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:736
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 664
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1164

Network

MITRE ATT&CK Matrix

Downloads

  • memory/736-55-0x0000000000E60000-0x0000000000E61000-memory.dmp
    Filesize

    4KB

  • memory/736-57-0x0000000075821000-0x0000000075823000-memory.dmp
    Filesize

    8KB

  • memory/736-58-0x0000000004E50000-0x0000000004E51000-memory.dmp
    Filesize

    4KB

  • memory/736-59-0x00000000004E0000-0x00000000004E8000-memory.dmp
    Filesize

    32KB

  • memory/736-60-0x0000000004F90000-0x0000000004FF9000-memory.dmp
    Filesize

    420KB

  • memory/1164-61-0x0000000000000000-mapping.dmp
  • memory/1164-62-0x0000000000CA0000-0x0000000000CA1000-memory.dmp
    Filesize

    4KB
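The memory artifacts listed above follow a fixed naming pattern, and a quick consistency check is worth running before pulling the dumps into a disassembler: does each address range actually account for the file size shown, and does every PID in an artifact name belong to a process in the tree (736 and 1164 here)? The script below is an added example, not part of the sandbox's own tooling. It assumes the artifact name encodes `<pid>-<sequence>-<start>-<end>-memory.dmp` (and `<pid>-<sequence>-0x0-mapping.dmp` for the entry with no range); the sample list is constructed from this report's Downloads section.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed from the Downloads section of this report: artifact name plus the
# "Filesize" label the sandbox printed beside it (None where none was shown).
DOWNLOADS: List[Tuple[str, Optional[str]]] = [
    ("memory/736-55-0x0000000000E60000-0x0000000000E61000-memory.dmp", "4KB"),
    ("memory/736-57-0x0000000075821000-0x0000000075823000-memory.dmp", "8KB"),
    ("memory/736-58-0x0000000004E50000-0x0000000004E51000-memory.dmp", "4KB"),
    ("memory/736-59-0x00000000004E0000-0x00000000004E8000-memory.dmp", "32KB"),
    ("memory/736-60-0x0000000004F90000-0x0000000004FF9000-memory.dmp", "420KB"),
    ("memory/1164-61-0x0000000000000000-mapping.dmp", None),
    ("memory/1164-62-0x0000000000CA0000-0x0000000000CA1000-memory.dmp", "4KB"),
]

# PIDs that appear in the Processes section of the report.
PROCESS_TREE_PIDS = {736, 1164}

# Assumed naming convention: <pid>-<seq>-<start>-<end>-memory.dmp
_MEMORY_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
# Assumed naming convention for the rangeless entry: <pid>-<seq>-0x0-mapping.dmp
_MAPPING_RE = re.compile(r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x[0-9A-Fa-f]+-mapping\.dmp$")

_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


@dataclass(frozen=True)
class Dump:
    pid: int
    seq: int
    kind: str                  # "memory" (a dumped region) or "mapping" (no range)
    start: Optional[int] = None
    end: Optional[int] = None

    @property
    def size(self) -> Optional[int]:
        """Byte length implied by the address range; None for mapping dumps."""
        if self.kind != "memory":
            return None
        return self.end - self.start


def parse_dump_name(name: str) -> Dump:
    """Split a sandbox artifact name into PID, sequence number and address range."""
    m = _MEMORY_RE.match(name)
    if m:
        return Dump(int(m["pid"]), int(m["seq"]), "memory",
                    int(m["start"], 16), int(m["end"], 16))
    m = _MAPPING_RE.match(name)
    if m:
        return Dump(int(m["pid"]), int(m["seq"]), "mapping")
    raise ValueError(f"unrecognised artifact name: {name!r}")


def parse_size(label: str) -> int:
    """Turn a displayed size such as '420KB' into bytes (binary units)."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*(B|KB|MB)\s*", label)
    if not m:
        raise ValueError(f"unrecognised size label: {label!r}")
    return int(float(m.group(1)) * _UNITS[m.group(2)])


def check_downloads(entries, known_pids) -> List[str]:
    """Cross-check every artifact: the range length must match the displayed size
    and the PID must belong to a process in the tree. Returns problem strings."""
    problems: List[str] = []
    for name, label in entries:
        d = parse_dump_name(name)
        if d.pid not in known_pids:
            problems.append(f"{name}: PID {d.pid} not in process tree")
        if d.kind == "memory":
            if d.size <= 0:
                problems.append(f"{name}: empty or inverted range")
            elif label is not None and parse_size(label) != d.size:
                problems.append(f"{name}: range is {d.size} bytes but report says {label}")
    return problems


def bytes_dumped_per_pid(entries) -> Dict[int, int]:
    """Total bytes of region dumps per PID (mapping entries contribute nothing)."""
    totals: Dict[int, int] = {}
    for name, _ in entries:
        d = parse_dump_name(name)
        totals[d.pid] = totals.get(d.pid, 0) + (d.size or 0)
    return totals


if __name__ == "__main__":
    for problem in check_downloads(DOWNLOADS, PROCESS_TREE_PIDS) or ["all artifacts consistent"]:
        print(problem)
    print(bytes_dumped_per_pid(DOWNLOADS))
```

On this report the check passes: every range length equals the displayed size (the 0x69000 bytes of `736-60` are exactly 420KB), and the only PIDs referenced are the crashed sample (736) and the WerFault.exe instance (1164) that the crash spawned.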