Resubmissions
27-05-2020 14:40  200527-txwwm11vej  10
26-05-2020 15:35  200526-8h87qpsrz2  6
25-05-2020 13:03  200525-7xn38c1n6x  6
Analysis
- max time kernel: 114s
- max time network: 137s
- platform: windows10_x64
- resource: win10v200430
- submitted: 25-05-2020 13:03
Static task
static1
Behavioral task
behavioral1
Sample
IMMUNI.bin.exe
Resource
win7v200430
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
IMMUNI.bin.exe
Resource
win10v200430
windows10_x64
0 signatures
0 seconds
General
- Target: IMMUNI.bin.exe
- Size: 955KB
- MD5: b226803ac5a68cd86ecb7c0c6c4e9d00
- SHA1: 110301b5f4eced3c0d6712f023d3e0212515bf99
- SHA256: 7980ef30b9bed26a9823d3dd5746cdefe5d01de2b2eb2c5e17dbfd1fd52f62bf
- SHA512: 7a333fb668c8a7fa67715703d16cf8ed296c553fa3aab7c861337a211c605d0b20f0c760a4bfb3b72561efe342472382ecf890fd5de3e51c0022038474516e79
Score
3/10
Malware Config
Signatures
- Program crash 1 IoCs
  Processes: WerFault.exe
  pid   pid_target  process       target process
  2876  4012        WerFault.exe  IMMUNI.bin.exe
- Suspicious use of AdjustPrivilegeToken 3 IoCs
  Processes: WerFault.exe
  description                  pid   process
  Token: SeRestorePrivilege    2876  WerFault.exe
  Token: SeBackupPrivilege     2876  WerFault.exe
  Token: SeDebugPrivilege      2876  WerFault.exe
- Suspicious behavior: EnumeratesProcesses 13 IoCs
  Processes: WerFault.exe
  pid   process
  2876  WerFault.exe
  2876  WerFault.exe
  2876  WerFault.exe
  2876  WerFault.exe
  2876  WerFault.exe
  2876  WerFault.exe
  2876  WerFault.exe
  2876  WerFault.exe
  2876  WerFault.exe
  2876  WerFault.exe
  2876  WerFault.exe
  2876  WerFault.exe
  2876  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\IMMUNI.bin.exe
  "C:\Users\Admin\AppData\Local\Temp\IMMUNI.bin.exe"
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 1080
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses