Analysis
max time kernel: 124s
max time network: 127s
platform: windows10_x64
resource: win10
submitted: 30-06-2020 12:34
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ (4500387063).exe
  Resource: win7v200430 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: RFQ (4500387063).exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General
Target: RFQ (4500387063).exe
Size: 430KB
MD5: a4cb84ddf99fb30ce17fd21b6e1c28a5
SHA1: 9662ed80dbe678c1559ffc54285f5664ed630894
SHA256: 16b611f0a2868d31b7d562b76fff4fb282da38d1d24838921631544cea1086e4
SHA512: 4b48e9d15c4cbabc4ba0c3cd9d5c477de37cd1f5e0b8e9627de26edc5423ef3b7acdc6ddb19a1c0a2df19cce740c0c65d16922f885187f557df193664429f344
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
  Processes: pid 3548 WerFault.exe, target pid 3908 RFQ (4500387063).exe
Suspicious behavior: EnumeratesProcesses (13 IoCs)
  Processes: pid 3548 WerFault.exe (13 occurrences)
Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes: pid 3548 WerFault.exe, Token: SeRestorePrivilege
  Processes: pid 3548 WerFault.exe, Token: SeBackupPrivilege
  Processes: pid 3548 WerFault.exe, Token: SeDebugPrivilege
Processes
C:\Users\Admin\AppData\Local\Temp\RFQ (4500387063).exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\RFQ (4500387063).exe"
  C:\Windows\SysWOW64\WerFault.exe (child process)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 892
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken