Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-en-20211014 -
submitted
02-12-2021 19:14
General
-
Target
Waybilldoc_220950655.pdf.exe
-
Size
465KB
-
MD5
717a4adeeaf2cc5ccccc944accb3b2fd
-
SHA1
834b3549011ac52fa34c2299b8194087f6a695e8
-
SHA256
52ffc0a75a42165e68bc35efc7b9bdd4069c7f5d4054c040737cfc87ae158da8
-
SHA512
a6f52d450d198458a85f01a9b6a0a14aa8356cb68bec713474efd1935f686b9c4fc68eb0dd43fd978bbee17650ef8688e46759d30c11f50ec2c15dd5584b40ea
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Waybilldoc_220950655.pdf.exe"C:\Users\Admin\AppData\Local\Temp\Waybilldoc_220950655.pdf.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 6642⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/636-61-0x0000000000000000-mapping.dmp
-
memory/636-62-0x0000000000500000-0x0000000000501000-memory.dmpFilesize
4KB
-
memory/1716-55-0x0000000000240000-0x0000000000241000-memory.dmpFilesize
4KB
-
memory/1716-57-0x0000000074F21000-0x0000000074F23000-memory.dmpFilesize
8KB
-
memory/1716-58-0x00000000008E0000-0x00000000008E1000-memory.dmpFilesize
4KB
-
memory/1716-59-0x0000000000490000-0x0000000000498000-memory.dmpFilesize
32KB
-
memory/1716-60-0x0000000004E90000-0x0000000004EF9000-memory.dmpFilesize
420KB