Analysis
max time kernel: 146s
max time network: 102s
platform: windows10_x64
resource: win10v200430
submitted: 30-06-2020 06:55
Static task: static1

Behavioral task: behavioral1
Sample: 0437a3b7c497908d0dc489a1b21cf395b76eedae8f1a1b473ecbb5f02e892bf9.exe
Resource: win7 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: 0437a3b7c497908d0dc489a1b21cf395b76eedae8f1a1b473ecbb5f02e892bf9.exe
Resource: win10v200430 (windows10_x64)
0 signatures, 0 seconds
General
Target: 0437a3b7c497908d0dc489a1b21cf395b76eedae8f1a1b473ecbb5f02e892bf9.exe
Size: 1.6MB
MD5: 1930ca258642f47145ba36729c6fbc6f
SHA1: c8248b016315f79cac43e5dd17c677f33b0042e1
SHA256: 0437a3b7c497908d0dc489a1b21cf395b76eedae8f1a1b473ecbb5f02e892bf9
SHA512: 89ca63e4a781a309ceec1ef36deddd5c7fc061f03e10413ba5b5e6618bef94b991c76121b95372db90b433c402472dba1c99d9574b05ea97714b84b61852f89a
Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
pid   pid_target  process       target process
2272  1808        WerFault.exe  0437a3b7c497908d0dc489a1b21cf395b76eedae8f1a1b473ecbb5f02e892bf9.exe

Suspicious use of AdjustPrivilegeToken (3 IoCs)
description               pid   process
Token: SeRestorePrivilege  2272  WerFault.exe
Token: SeBackupPrivilege   2272  WerFault.exe
Token: SeDebugPrivilege    2272  WerFault.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs)
pid   process
2272  WerFault.exe (14 identical entries)

Every IoC above is attributed to pid 2272, WerFault.exe, the Windows Error Reporting process spawned to handle the crash of the sample (pid 1808); none is attributed to the sample's own process. Enabling SeDebugPrivilege and enumerating processes is what the crash handler does to open the faulting process and collect a dump, so these three signatures document the crash, not behaviour of the sample itself.
Processes
1. "C:\Users\Admin\AppData\Local\Temp\0437a3b7c497908d0dc489a1b21cf395b76eedae8f1a1b473ecbb5f02e892bf9.exe" (pid 1808)
   2. C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 1172 (pid 2272; spawned for the crash of pid 1808, the 32-bit WER handler under SysWOW64, so the sample ran as a 32-bit process under WoW64)
      - Program crash
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious behavior: EnumeratesProcesses
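The triage question this report raises is whether a signature hit comes from the sample or from the crash handler the sandbox launched on its behalf. The script below, an added example that is not part of the sandbox report or its tooling, re-creates the report's signature rows and process tree as inline data (transcribed from the tables above; the `Hit`/`Proc` field names and the `CRASH_HANDLERS` set are this script's own assumptions) and attributes each signature to the process that produced it. A signature whose every hit comes from a WER binary whose `-p` argument names the sample's pid is classified as crash-handler noise; anything else is left for manual review.

```python
"""Attribute sandbox signature hits to the process that produced them.

Added example, not part of the original report. The records below are
transcribed from the report's signature tables and process tree; the data
model (Hit, Proc) and the crash-handler image list are assumptions of this
script, not fields of the sandbox.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Windows Error Reporting images that the sandbox launches after a crash.
CRASH_HANDLERS = {"werfault.exe", "wermgr.exe"}

SAMPLE = "0437a3b7c497908d0dc489a1b21cf395b76eedae8f1a1b473ecbb5f02e892bf9.exe"


@dataclass(frozen=True)
class Hit:
    signature: str
    pid: int
    process: str
    detail: str = ""


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    parent: Optional[int]
    cmdline: str


# Process tree from the report (constructed inline).
PROCESSES: Dict[int, Proc] = {
    1808: Proc(1808, SAMPLE, None, f'"C:\\Users\\Admin\\AppData\\Local\\Temp\\{SAMPLE}"'),
    2272: Proc(2272, "WerFault.exe", 1808,
               "C:\\Windows\\SysWOW64\\WerFault.exe -u -p 1808 -s 1172"),
}

# Signature IoC rows from the report (constructed inline): 1 + 3 + 14 entries.
HITS: List[Hit] = [
    Hit("Program crash", 2272, "WerFault.exe", "pid_target=1808"),
    Hit("Suspicious use of AdjustPrivilegeToken", 2272, "WerFault.exe", "Token: SeRestorePrivilege"),
    Hit("Suspicious use of AdjustPrivilegeToken", 2272, "WerFault.exe", "Token: SeBackupPrivilege"),
    Hit("Suspicious use of AdjustPrivilegeToken", 2272, "WerFault.exe", "Token: SeDebugPrivilege"),
] + [Hit("Suspicious behavior: EnumeratesProcesses", 2272, "WerFault.exe")] * 14


def werfault_target(cmdline: str) -> Optional[int]:
    """Return the pid named by WerFault's -p argument, or None if absent/malformed."""
    args = cmdline.split()
    for i, arg in enumerate(args[:-1]):
        if arg == "-p" and args[i + 1].isdigit():
            return int(args[i + 1])
    return None


def is_crash_handler_for(proc: Proc, sample_pid: int) -> bool:
    """True if proc is a WER image launched to handle a crash of sample_pid."""
    return proc.image.lower() in CRASH_HANDLERS and werfault_target(proc.cmdline) == sample_pid


def classify(hits: List[Hit], processes: Dict[int, Proc], sample_pid: int) -> Dict[str, dict]:
    """Group hits by signature; mark a signature as noise only if every hit is from a
    crash handler for the sample. Unknown pids are never treated as noise."""
    by_sig: Dict[str, List[Hit]] = defaultdict(list)
    for hit in hits:
        by_sig[hit.signature].append(hit)

    verdicts: Dict[str, dict] = {}
    for sig, rows in by_sig.items():
        pids = {h.pid for h in rows}
        noise = all(pid in processes and is_crash_handler_for(processes[pid], sample_pid)
                    for pid in pids)
        verdicts[sig] = {
            "count": len(rows),
            "pids": sorted(pids),
            "verdict": "crash-handler noise" if noise else "review",
        }
    return verdicts


def sample_attributed(hits: List[Hit], sample_pid: int) -> List[Hit]:
    """Hits recorded against the sample's own pid."""
    return [h for h in hits if h.pid == sample_pid]


if __name__ == "__main__":
    for sig, v in classify(HITS, PROCESSES, 1808).items():
        print(f"{sig}: {v['count']} IoCs from pid(s) {v['pids']} -> {v['verdict']}")
    print(f"hits attributed to the sample itself: {len(sample_attributed(HITS, 1808))}")
```

Run against the report's data, all three signatures resolve to crash-handler noise and zero hits are attributed to pid 1808, which matches the 3/10 score: the only observed behaviour is that the sample crashed.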