Analysis
max time kernel: 127s
max time network: 149s
platform: windows10_x64
resource: win10v200430
submitted: 30-06-2020 08:54
Static task: static1
Behavioral task: behavioral1
  Sample: INVOICE.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: INVOICE.exe
  Resource: win10v200430 (windows10_x64)
  0 signatures, 0 seconds
General
Target: INVOICE.exe
Size: 416KB
MD5: a4975ac7f40ccf4d1803e8edb97dce9e
SHA1: 2c7d642447cfb2a4b1ce65659ed383b0c96f11ed
SHA256: fda1d068f7b5e8dcbaa65b83088db628ebc9e6420a9fdd258fb5f62bcb4b0935
SHA512: e7b9c414498f1bf101aaa8a77f94266acf6099cb62e9027a8707d71195ece5f67c48745e3f72b7f77ea15bce803990852f3668c8069b2ab4e49b527e4165a681
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
  Processes:
    pid   pid_target  process       target process
    4060  1628        WerFault.exe  INVOICE.exe
Suspicious behavior: EnumeratesProcesses (13 IoCs)
  Processes:
    pid   process
    4060  WerFault.exe  (13 identical entries)
Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes:
    description                pid   process
    Token: SeRestorePrivilege  4060  WerFault.exe
    Token: SeBackupPrivilege   4060  WerFault.exe
    Token: SeDebugPrivilege    4060  WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\INVOICE.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\INVOICE.exe"
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 896
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken