Analysis
- max time kernel: 120s
- max time network: 142s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 28-01-2022 07:33
Static task
- static1

Behavioral task
- behavioral1
  Sample: BANK DETAILS-26012022-971332pdf.gz.exe
  Resource: win7-en-20211208 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task
- behavioral2
  Sample: BANK DETAILS-26012022-971332pdf.gz.exe
  Resource: win10-en-20211208 (windows10_x64)
  0 signatures, 0 seconds
General
- Target: BANK DETAILS-26012022-971332pdf.gz.exe
- Size: 234KB
- MD5: 915102405b44b4eb490450935905b4c5
- SHA1: cc89138f906776cc8ceb6135753bd1bfdc423846
- SHA256: 234d944f1c4d9dcb90a6797dc13bf50fa2290da2230d134ee70bc4b7c4143ab8
- SHA512: d34136c97136cdb01cde174506dd02b250894f4427dcac3c0d98dbc2a417db0b1fd15ad950b491b5795fb345ebe4eba175baac23252d3222eb0e5d253adf4615

Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid: 3588, pid_target: 2340, process: WerFault.exe, target process: BANK DETAILS-26012022-971332pdf.gz.exe
- Suspicious behavior: EnumeratesProcesses (12 IoCs)
  Processes: WerFault.exe
  pid: 3588, process: WerFault.exe (listed 12 times)
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes: BANK DETAILS-26012022-971332pdf.gz.exe, WerFault.exe
  description: Token: SeDebugPrivilege, pid: 2340, process: BANK DETAILS-26012022-971332pdf.gz.exe
  description: Token: SeDebugPrivilege, pid: 3588, process: WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\BANK DETAILS-26012022-971332pdf.gz.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\BANK DETAILS-26012022-971332pdf.gz.exe"
  - Suspicious use of AdjustPrivilegeToken
  - C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 2340 -s 1352
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken