Analysis
- max time kernel: 122s
- max time network: 107s
- platform: windows10_x64
- resource: win10v200217
- submitted: 02-03-2020 12:22
Static task: static1

Behavioral task: behavioral1
- Sample: malware.exe
- Resource: win7v200217 (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: malware.exe
- Resource: win10v200217 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: malware.exe
- Size: 743KB
- MD5: d0b3518e06e76afbf847b77eb0394aee
- SHA1: 56d0931f5ca3dfb0f3848a512297adbf7d758a87
- SHA256: a95ad9e61847bec0e9faac52ac95e069cf6cf9583733cc10cf547060e096eb24
- SHA512: 0654014c576f29947c6773be6b0c359a1487d6ad7a9eab0cea3cc9df49d1fda1715d143d937347839aec815220783206af175ee1385c9838046798241f1c8bfd
- Score: 7/10
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes (pid, process):
  - 3932 malware.exe
  - 3932 malware.exe
- Program crash (1 IoC)
  Processes (pid, pid_target, process, target process):
  - 3504, 3932, WerFault.exe, malware.exe
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes (description, pid, process):
  - Token: SeRestorePrivilege, 3504, WerFault.exe
  - Token: SeBackupPrivilege, 3504, WerFault.exe
  - Token: SeDebugPrivilege, 3504, WerFault.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes (pid, process):
  - 3504 WerFault.exe (the same entry repeated 14 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\malware.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\malware.exe"
  - Suspicious use of SetWindowsHookEx
  PID: 3932
  - C:\Windows\SysWOW64\WerFault.exe (depth 2, child of PID 3932)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 1264
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses
    PID: 3504