Analysis

Max time kernel: 119s
Max time network: 121s
Platform: windows10_x64
Resource: win10
Submitted: 30-06-2020 12:11
Static task
  static1

Behavioral task
  behavioral1
  Sample: Intels Group Ltd.exe
  Resource: win7v200430 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task
  behavioral2
  Sample: Intels Group Ltd.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General

Target: Intels Group Ltd.exe
Size: 643KB
MD5: 1b0ac5f8babe5450f83bd55946271bf2
SHA1: 6c8b215aa11656ee3b90998f989049f38bd860be
SHA256: c5980f2bd305fc12792f56357e2ef6fdf7fa3d9971c13bdea539d8ad4af1b687
SHA512: bc84d625de361c0c295aa03d9309086277e09cd60efc3f23f8aea114470ffe35ea74cf1b71295660e6253ab52f555e31b71af039c0518cd6c8dbd6c1a2e19bfc
Score: 3/10
Malware Config

Signatures
Program crash (1 IoC)

  pid   pid_target  process       target process
  3688  748         WerFault.exe  Intels Group Ltd.exe
Suspicious behavior: EnumeratesProcesses (15 IoCs)

  pid   process
  748   Intels Group Ltd.exe
  3688  WerFault.exe  (14 identical hits)
Suspicious use of AdjustPrivilegeToken (4 IoCs)

  description                pid   process
  Token: SeDebugPrivilege    748   Intels Group Ltd.exe
  Token: SeRestorePrivilege  3688  WerFault.exe
  Token: SeBackupPrivilege   3688  WerFault.exe
  Token: SeDebugPrivilege    3688  WerFault.exe
Processes

C:\Users\Admin\AppData\Local\Temp\Intels Group Ltd.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Intels Group Ltd.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken

  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 976
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
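The three signatures in this report come from two processes, and the WerFault.exe command line ties them together: the `-p 748` switch names the faulting process, and 748 is the sample's own PID in the signature tables. WerFault's process enumeration and its SeDebug, SeBackup and SeRestore privilege use are therefore the crash handler collecting a dump of the sample, not behaviour of the sample itself; the only hits the sample produced before it crashed are one EnumeratesProcesses and one SeDebugPrivilege. The following is an added example, not part of the sandbox report: it transcribes the report's rows into Python and separates sample-attributable hits from WER noise. It assumes that WerFault's `-p` argument carries the PID of the faulting process (standard WER command-line behaviour) and takes PID 748 for the sample from the signature tables, since the process tree itself does not print PIDs.

```python
"""Separate a sample's own sandbox signature hits from Windows Error
Reporting noise by reading the faulting PID off WerFault's command line.

Added example; the rows below are transcribed from the report, the
classification of WerFault's hits as crash-handling side effects is the
editor's reasoning, not something the report states.
"""
import re
from collections import defaultdict

# Process tree rows transcribed from the report: (pid, image, command line).
# PID 748 for the sample comes from the signature tables (assumption: the
# tree omits PIDs, the tables are the only place it appears).
PROCESSES = [
    (748, "Intels Group Ltd.exe",
     r'"C:\Users\Admin\AppData\Local\Temp\Intels Group Ltd.exe"'),
    (3688, "WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 976"),
]

# Signature hits transcribed from the report: (signature, pid, detail).
# EnumeratesProcesses is listed once for 748 and fourteen times for 3688.
IOCS = (
    [("Program crash", 3688, "target pid 748"),
     ("EnumeratesProcesses", 748, "")]
    + [("EnumeratesProcesses", 3688, "")] * 14
    + [("AdjustPrivilegeToken", 748, "SeDebugPrivilege"),
       ("AdjustPrivilegeToken", 3688, "SeRestorePrivilege"),
       ("AdjustPrivilegeToken", 3688, "SeBackupPrivilege"),
       ("AdjustPrivilegeToken", 3688, "SeDebugPrivilege")]
)

# WerFault's -p switch names the faulting process (assumed standard WER
# behaviour); match it as a standalone switch so "-p" inside a path is ignored.
WERFAULT_PID = re.compile(r"(?:^|\s)-p\s+(\d+)(?=\s|$)")


def werfault_target(image, cmdline):
    """Return the faulting PID named by a WerFault.exe command line, else None."""
    if image.lower() != "werfault.exe":
        return None
    match = WERFAULT_PID.search(cmdline)
    return int(match.group(1)) if match else None


def crashed_processes(processes):
    """Map each WerFault PID to the PID of the process whose crash it handled."""
    result = {}
    for pid, image, cmdline in processes:
        target = werfault_target(image, cmdline)
        if target is not None:
            result[pid] = target
    return result


def attribute(processes, iocs):
    """Split hits into those raised by the sample and those raised by WER."""
    wer_pids = crashed_processes(processes)
    sample_hits, wer_noise = [], []
    for hit in iocs:
        (wer_noise if hit[1] in wer_pids else sample_hits).append(hit)
    return sample_hits, wer_noise


def summarize(processes, iocs):
    """Condense the attribution into what an analyst would write in triage notes."""
    sample_hits, wer_noise = attribute(processes, iocs)
    noise_counts = defaultdict(int)
    for sig, _, _ in wer_noise:
        noise_counts[sig] += 1
    return {
        "crashed": crashed_processes(processes),
        "sample_signatures": sorted({sig for sig, _, _ in sample_hits}),
        "sample_privileges": sorted(
            detail for sig, _, detail in sample_hits
            if sig == "AdjustPrivilegeToken"),
        "wer_noise": dict(noise_counts),
    }


if __name__ == "__main__":
    for key, value in summarize(PROCESSES, IOCS).items():
        print(f"{key}: {value}")
```

Run against this report the summary attributes 18 of the 20 hits to WerFault.exe handling the crash of PID 748, leaving one EnumeratesProcesses and one SeDebugPrivilege request as the sample's own behaviour, which is consistent with a sample that faulted early and with the low 3/10 score.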