e6f4b1ed945dfe592851779ee00459e49d078983937b72c6cedb4da6d1a42433

Analysis

max time kernel
119s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03-01-2024 16:28

Target

Payment Advice_ Public Bank Berhad.pdf.exe
Size

1.4MB
MD5

89ff8e75427e825570b0b2340dd832cf
SHA1

12903d7c478914c4c38e76b24001145048f20b8e
SHA256

7011d414322a2e8079029fdb2646ce87bea6baaa1dccdb4cc3ac07f968189cbd
SHA512

525e3098b2b6699113feedabe29e9636e71f30e1caef327c576df4853021a431483905bb6b17379cb587d87a79a811f856e25627f50e9ca34de7142603493c96
SSDEEP

24576:KbGQWvRW2299XrxE7Ozo4vq60bhs+VfnO52CF:EGQWsXr+zZzhrVfni

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2904	2292	WerFault.exe	26

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2292	Payment Advice_ Public Bank Berhad.pdf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2904	2292	Payment Advice_ Public Bank Berhad.pdf.exe	27
PID 2292 wrote to memory of 2904	2292	Payment Advice_ Public Bank Berhad.pdf.exe	27
PID 2292 wrote to memory of 2904	2292	Payment Advice_ Public Bank Berhad.pdf.exe	27
PID 2292 wrote to memory of 2904	2292	Payment Advice_ Public Bank Berhad.pdf.exe	27

C:\Users\Admin\AppData\Local\Temp\Payment Advice_ Public Bank Berhad.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\Payment Advice_ Public Bank Berhad.pdf.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 980
  2⤵
  - Program crash
  PID:2904

memory/2292-0-0x0000000001050000-0x00000000011B2000-memory.dmp

Filesize
1.4MB

Download
memory/2292-1-0x0000000074D60000-0x000000007544E000-memory.dmp

Filesize
6.9MB

Download
memory/2292-2-0x0000000004910000-0x0000000004950000-memory.dmp

Filesize
256KB

Download
memory/2292-3-0x0000000074D60000-0x000000007544E000-memory.dmp

Filesize
6.9MB

Download
memory/2292-4-0x0000000004910000-0x0000000004950000-memory.dmp

Filesize
256KB

Download