Analysis
- max time kernel: 66s
- max time network: 111s
- platform: windows10_x64
- resource: win10
- submitted: 30-06-2020 13:36
Static task: static1

Behavioral task: behavioral1
- Sample: aa250511bf99e715a6b37fc643f355d8.exe
- Resource: win7, windows7_x64
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: aa250511bf99e715a6b37fc643f355d8.exe
- Resource: win10, windows10_x64
- 0 signatures
- 0 seconds

General
- Target: aa250511bf99e715a6b37fc643f355d8.exe
- Size: 500KB
- MD5: aa250511bf99e715a6b37fc643f355d8
- SHA1: 4ee5f574ed4c49a269d257e353baf736e50210d2
- SHA256: fd512bcb35f6f9b41f33ec961e46e3b80a774d8038a03abb1b693064a84f8f1a
- SHA512: c1df88c46297ddd410dbcc874f6c43c396650e5e596e1fd246aea22ec2a2a4f8553ebed4a24a5aae511f082d8c5343c0511389c945d7eb4effcd190b66b014b9

Score: 3/10

Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  - pid: 3928, pid_target: 2728, process: WerFault.exe, target process: aa250511bf99e715a6b37fc643f355d8.exe
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes: WerFault.exe
  - description: Token: SeRestorePrivilege, pid: 3928, process: WerFault.exe
  - description: Token: SeBackupPrivilege, pid: 3928, process: WerFault.exe
  - description: Token: SeDebugPrivilege, pid: 3928, process: WerFault.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes: WerFault.exe
  - pid: 3928, process: WerFault.exe (listed 14 times)

Processes
- C:\Users\Admin\AppData\Local\Temp\aa250511bf99e715a6b37fc643f355d8.exe
  "C:\Users\Admin\AppData\Local\Temp\aa250511bf99e715a6b37fc643f355d8.exe" 1⤵
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 1144 2⤵
  - Program crash
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses