234d944f1c4d9dcb90a6797dc13bf50fa2290da2230d134ee70bc4b7c4143ab8 | Triage

Analysis

max time kernel
120s
max time network
142s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 07:33

Sharing

Report Analysis Logs

General

Target

BANK DETAILS-26012022-971332pdf.gz.exe
Size

234KB
MD5

915102405b44b4eb490450935905b4c5
SHA1

cc89138f906776cc8ceb6135753bd1bfdc423846
SHA256

234d944f1c4d9dcb90a6797dc13bf50fa2290da2230d134ee70bc4b7c4143ab8
SHA512

d34136c97136cdb01cde174506dd02b250894f4427dcac3c0d98dbc2a417db0b1fd15ad950b491b5795fb345ebe4eba175baac23252d3222eb0e5d253adf4615

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3588 2340 WerFault.exe BANK DETAILS-26012022-971332pdf.gz.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

WerFault.exe

pid	process
3588	WerFault.exe
3588	WerFault.exe
3588	WerFault.exe
3588	WerFault.exe
3588	WerFault.exe
3588	WerFault.exe
3588	WerFault.exe
3588	WerFault.exe
3588	WerFault.exe
3588	WerFault.exe
3588	WerFault.exe
3588	WerFault.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

BANK DETAILS-26012022-971332pdf.gz.exeWerFault.exe

description pid process

Token: SeDebugPrivilege 2340 BANK DETAILS-26012022-971332pdf.gz.exe
Token: SeDebugPrivilege 3588 WerFault.exe

C:\Users\Admin\AppData\Local\Temp\BANK DETAILS-26012022-971332pdf.gz.exe
"C:\Users\Admin\AppData\Local\Temp\BANK DETAILS-26012022-971332pdf.gz.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2340

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2340 -s 1352
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2340-118-0x00000264CDED0000-0x00000264CDF10000-memory.dmp

Filesize
256KB

Download
memory/2340-119-0x00000264CE230000-0x00000264CE232000-memory.dmp

Filesize
8KB

Download