Analysis
- max time kernel: 74s
- max time network: 76s
- platform: windows10_x64
- resource: win10v200430
- submitted: 30-06-2020 06:36

Static task: static1

Behavioral task: behavioral1
- Sample: gunzipped.exe
- Resource: win7 (windows7_x64)
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: gunzipped.exe
- Resource: win10v200430 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: gunzipped.exe
- Size: 706KB
- MD5: 9a7cb419186a367181d9f2f37d571fbe
- SHA1: 5d7728a89ca04fc1bbe525d7ca1c4132119b074a
- SHA256: c6699928167cb50230cefe4ffef7fdcc10923de726d685d1a10ce4b6f8274d39
- SHA512: 5accbce94159f8e7c669ce687074aad3607fa1e261c4146d5b653c0c9c0e17e646aa85684f93aab1f34fb0ecce7ed7a1190ab96ad408dbbc5efb7e34364849bb
- Score: 3/10
Malware Config

Signatures
- Program crash (1 IoC)
  Processes:
  pid   pid_target   process        target process
  996   2916         WerFault.exe   gunzipped.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes:
  pid    process
  2916   gunzipped.exe
  996    WerFault.exe   (13 identical entries)
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  Processes:
  description                 pid    process
  Token: SeDebugPrivilege     2916   gunzipped.exe
  Token: SeRestorePrivilege   996    WerFault.exe
  Token: SeBackupPrivilege    996    WerFault.exe
  Token: SeDebugPrivilege     996    WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\gunzipped.exe (tree level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\gunzipped.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\SysWOW64\WerFault.exe (tree level 2)
  Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 936
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken