Analysis
- max time kernel: 131s
- max time network: 133s
- platform: windows10_x64
- resource: win10
- submitted: 30-06-2020 17:54
Static task: static1
Behavioral task: behavioral1
- Sample: Bank account swift.exe
- Resource: win7v200430 (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: Bank account swift.exe
- Resource: win10 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: Bank account swift.exe
- Size: 421KB
- MD5: c56a303609aed297daeaa2168d7d3ff5
- SHA1: 18001149ab9cac574b43ae64646600eca00ac0bf
- SHA256: 806739222ffaed70608883fc8f825a1a6550b071946fe370e63dff0f50dd640e
- SHA512: 4d0c10d88b78ea16f5bf12775fc54b65055ba7566b9e6a54ac1729c5e5ddf537feffe071b1e9c015fe0894fe642b9eec3e8f970a4a987b50d7cc6f76a6c72951
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
    pid   pid_target  process       target process
    1940  2920        WerFault.exe  Bank account swift.exe
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  Processes: WerFault.exe
    pid   process
    1940  WerFault.exe
    1940  WerFault.exe
    1940  WerFault.exe
    1940  WerFault.exe
    1940  WerFault.exe
    1940  WerFault.exe
    1940  WerFault.exe
    1940  WerFault.exe
    1940  WerFault.exe
    1940  WerFault.exe
    1940  WerFault.exe
    1940  WerFault.exe
    1940  WerFault.exe
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes: WerFault.exe
    description                pid   process
    Token: SeRestorePrivilege  1940  WerFault.exe
    Token: SeBackupPrivilege   1940  WerFault.exe
    Token: SeDebugPrivilege    1940  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Bank account swift.exe
  "C:\Users\Admin\AppData\Local\Temp\Bank account swift.exe"
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 892
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken