Analysis
Max time kernel: 109s
Max time network: 120s
Resource: win7v191014
Task: task1
Sample: 4a702c33e4e15617b56f545a956aec37c92585217091c1e2ca08180380709b6b.exe
Resource: win7v191014
Signatures: 0

Task: task2
Sample: 4a702c33e4e15617b56f545a956aec37c92585217091c1e2ca08180380709b6b.exe
Resource: win10v191014
Signatures: 0
General
Target: 4a702c33e4e15617b56f545a956aec37c92585217091c1e2ca08180380709b6b
Sample: 191025-bqj4jblczx
SHA256: 4a702c33e4e15617b56f545a956aec37c92585217091c1e2ca08180380709b6b
Score: N/A
Malware Config
(none)

Signatures
Program crash (1 IoC)
Processes: pid 1812, WerFault.exe

Suspicious use of WriteProcessMemory (1 IoC)
Processes: PID 1800 (svchost.exe) wrote to memory of PID 1812 (WerFault.exe)

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes: pid 1812, WerFault.exe, Token: SeDebugPrivilege

Suspicious behavior: EnumeratesProcesses (1 IoC)
Processes: pid 1812, WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\4a702c33e4e15617b56f545a956aec37c92585217091c1e2ca08180380709b6b.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\4a702c33e4e15617b56f545a956aec37c92585217091c1e2ca08180380709b6b.exe"
PID: 1716

C:\Windows\System32\svchost.exe
Command line: C:\Windows\System32\svchost.exe -k WerSvcGroup
Signatures: Suspicious use of WriteProcessMemory
PID: 1800

C:\Windows\system32\WerFault.exe
Command line: C:\Windows\system32\WerFault.exe -u -p 1716 -s 608
Signatures: Program crash; Suspicious use of AdjustPrivilegeToken; Suspicious behavior: EnumeratesProcesses
PID: 1812