Analysis
Max time kernel: 93s
Max time network: 137s
Platform: windows10_x64
Resource: win10
Submitted: 30-06-2020 14:33
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ.exe
  Resource: win7 (windows7_x64)
Behavioral task: behavioral2
  Sample: RFQ.exe
  Resource: win10 (windows10_x64)
General
Target: RFQ.exe
Size: 910KB
MD5: 3b96b40684f1b7ae1d901e17cfe6bbca
SHA1: 5ac9d18cdb4a218b17382f8afe157348ecb18f5e
SHA256: de2955c99e6c58997641899e6534142f26de80368887da0c4fb501eb1b027308
SHA512: 30755b94e4482703affcba7f442cea5198d27fc841d915182e994f867832a4e63a369d74cd9537fa910e3f52ad9152d5d547e68559f951d203f5b9fa9211447c
Score: 3/10
Malware Config: none extracted
Signatures
Note: all three signatures below were raised by WerFault.exe (PID 3828), the Windows Error Reporting handler launched when RFQ.exe (PID 3068) crashed, not by the sample itself. Enabling SeDebugPrivilege, SeBackupPrivilege and SeRestorePrivilege and enumerating processes is what WerFault does to locate and read the faulting process for its crash report, so these IoCs describe crash-handler activity and say nothing about the sample's intended behaviour. The low score (3/10) reflects that the sample crashed before doing anything observable.

Program crash (1 IoC)
  pid    pid_target  process       target process
  3828   3068        WerFault.exe  RFQ.exe

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                pid   process
  Token: SeRestorePrivilege  3828  WerFault.exe
  Token: SeBackupPrivilege   3828  WerFault.exe
  Token: SeDebugPrivilege    3828  WerFault.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs)
  pid   process
  3828  WerFault.exe (14 identical events)
Processes
1. C:\Users\Admin\AppData\Local\Temp\RFQ.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\RFQ.exe"
   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 1140
      Signatures: Program crash; Suspicious use of AdjustPrivilegeToken; Suspicious behavior: EnumeratesProcesses

The "-p 3068" argument names the faulting process, matching the pid_target in the Program crash IoC. The handler was launched from SysWOW64, which is the copy of WerFault.exe used for 32-bit processes, so RFQ.exe ran as a 32-bit executable on this x64 guest.
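The report above is easy to misread: three "suspicious" signatures, but every hit belongs to the crash handler rather than the sample. The following triage helper is an added example, not part of the sandbox report or any vendor's code. It takes the signature hits and process command lines transcribed from the report, parses the WerFault.exe "-p <pid>" argument to find which process crashed, and separates signatures raised by the sample from those raised only by WerFault.exe. The function names (werfault_target, crashed_pids, crash_handler_pids, triage) are hypothetical; the data constants are transcribed from this page, with RFQ.exe's PID 3068 taken from the Program crash IoC.

```python
"""Attribute sandbox signatures to the process that raised them.

Added example, not part of the sandbox report. The constants below are
transcribed from the report above; function names are hypothetical.
"""
import re

# Transcribed from the Signatures section: signature -> list of
# (pid, process image) hits.
SIGNATURE_HITS = {
    "Program crash": [(3828, "WerFault.exe")],
    "Suspicious use of AdjustPrivilegeToken": [(3828, "WerFault.exe")] * 3,
    "Suspicious behavior: EnumeratesProcesses": [(3828, "WerFault.exe")] * 14,
}

# Transcribed from the Processes section: pid -> command line.
# RFQ.exe's PID (3068) is the pid_target of the Program crash IoC.
PROCESSES = {
    3068: r'"C:\Users\Admin\AppData\Local\Temp\RFQ.exe"',
    3828: r"C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 1140",
}

# Windows Error Reporting launches WerFault.exe with "-p <pid>" naming the
# faulting process ("-u" selects user-mode reporting, "-s" carries an
# inherited handle value). Case-insensitive so System32/SysWOW64 paths
# and odd casing all match.
_WERFAULT_RE = re.compile(r"(?i)\\WerFault\.exe\b.*?\s-p\s+(\d+)")


def werfault_target(cmdline):
    """Return the PID a WerFault.exe command line reports on, else None."""
    m = _WERFAULT_RE.search(cmdline)
    return int(m.group(1)) if m else None


def crashed_pids(processes):
    """PIDs that had a WerFault.exe instance launched against them."""
    targets = set()
    for cmd in processes.values():
        target = werfault_target(cmd)
        if target is not None:
            targets.add(target)
    return targets


def crash_handler_pids(processes):
    """PIDs of WerFault.exe instances; their IoCs are crash-handler noise."""
    return {pid for pid, cmd in processes.items()
            if werfault_target(cmd) is not None}


def triage(sample_pid, hits, processes):
    """Split signatures into those the sample raised and those raised only
    by the crash handler, and record whether the sample crashed."""
    handler_pids = crash_handler_pids(processes)
    from_sample, from_handler = [], []
    for name, events in hits.items():
        pids = {pid for pid, _ in events}
        if sample_pid in pids:
            from_sample.append(name)
        elif pids and pids <= handler_pids:
            from_handler.append(name)
    return {
        "sample_crashed": sample_pid in crashed_pids(processes),
        "sample_signatures": sorted(from_sample),
        "crash_handler_signatures": sorted(from_handler),
        "total_iocs": sum(len(v) for v in hits.values()),
    }


if __name__ == "__main__":
    for key, value in triage(3068, SIGNATURE_HITS, PROCESSES).items():
        print(f"{key}: {value}")
```

For this report the result is sample_crashed True, an empty sample_signatures list and all three signatures under crash_handler_signatures, which is the conclusion a reviewer should reach before treating the 3/10 score as a verdict on the sample: the run tells you it crashed, not what it would have done.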