Analysis
- max time kernel: 139s
- max time network: 137s
- platform: windows10_x64
- resource: win10v200430
- submitted: 30-06-2020 13:20
Static task: static1

Behavioral task: behavioral1
- Sample: Purchase Order.exe
- Resource: win7 (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: Purchase Order.exe
- Resource: win10v200430 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: Purchase Order.exe
- Size: 635KB
- MD5: a16e39975fd3c0f0c707f661102813e1
- SHA1: e729381aa629fdfb01cec05f2f747dfe99a5594d
- SHA256: aec14877d4e03e342e0f010e0d6c25aea5492f94ddbd7d48ab41607f609bb87b
- SHA512: b3ae3e974193dd8ca2e599d077a3f8e01831b06131069d07ffe3245ad09d13bbf11ee2cf65679bc74ebd08a24a60bd9e31d9ed4b733340a9fc921a582060e4da
- Score: 3/10
Malware Config
(none extracted)

Signatures

Program crash (1 IoC)
Processes (pid / pid_target / process / target process):
- 588 / 3724 / WerFault.exe / Purchase Order.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs)
Processes (pid / process):
- 3724 / Purchase Order.exe (1 entry)
- 588 / WerFault.exe (13 entries)

Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes (description / pid / process):
- Token: SeDebugPrivilege / 3724 / Purchase Order.exe
- Token: SeRestorePrivilege / 588 / WerFault.exe
- Token: SeBackupPrivilege / 588 / WerFault.exe
- Token: SeDebugPrivilege / 588 / WerFault.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe"
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken

   2. C:\Windows\SysWOW64\WerFault.exe (child of process 1)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 924
      - Program crash
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken