Analysis
- max time kernel: 74s
- max time network: 73s
- platform: windows10_x64
- resource: win10
- submitted: 24-06-2020 14:37
Static task
static1

Behavioral task
behavioral1
- Sample: payment to new bank account.exe
- Resource: win7v200430, windows7_x64
- 0 signatures
- 0 seconds

Behavioral task
behavioral2
- Sample: payment to new bank account.exe
- Resource: win10, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: payment to new bank account.exe
- Size: 447KB
- MD5: 783f004a10ee4968177781da7c16afe6
- SHA1: 86ba9ef1a91abf63cf9a3c6bcc7a67fa37e3494e
- SHA256: 5a9f5848c0305a43cf26c3776ed1d4683fbc9d2f59349cd741efe792313affaa
- SHA512: 9c3f1f4234691671b3852380feff86462675cc6c1c855ab2ed1cd0f6e83d6ca0bb377589df9b0af74211bf0046034cc59a30871931d51d1bfae6b2750a4845d3
Score
3/10
Malware Config
Signatures

- Program crash (1 IoCs)

  Processes: WerFault.exe

  | pid | pid_target | process | target process |
  | --- | --- | --- | --- |
  | 4004 | 3536 | WerFault.exe | payment to new bank account.exe |

- Suspicious behavior: EnumeratesProcesses (14 IoCs)

  Processes: WerFault.exe

  | pid | process |
  | --- | --- |
  | 4004 | WerFault.exe (same entry listed 14 times) |

- Suspicious use of AdjustPrivilegeToken (3 IoCs)

  Processes: WerFault.exe

  | description | pid | process |
  | --- | --- | --- |
  | Token: SeRestorePrivilege | 4004 | WerFault.exe |
  | Token: SeBackupPrivilege | 4004 | WerFault.exe |
  | Token: SeDebugPrivilege | 4004 | WerFault.exe |

Processes
- C:\Users\Admin\AppData\Local\Temp\payment to new bank account.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\payment to new bank account.exe"
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 1108
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken