Analysis
max time kernel: 71s
max time network: 116s
platform: windows10_x64
resource: win10
submitted: 30-06-2020 05:28
Static task: static1
Behavioral task: behavioral1
  Sample: IePZajh9fm9DACV.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: IePZajh9fm9DACV.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General
Target: IePZajh9fm9DACV.exe
Size: 362KB
MD5: 82c01db6ccaa1c602b77c59b3ed64d71
SHA1: 71ca9deefc3a678bf7fde895978ff5ff5a67691a
SHA256: 70a3e3040e47398629957e35100380def41b1ab5b4ac73e777051b6e85c60b19
SHA512: 0ae49f96a29e21bf8d4e29f7d93f79870b006e0b639bf49565cb7cffca2ad2d7fd26c76d84f777e4aa77a00b91a546dd7a9b957fb326a707f727bb6b76648f59
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
  Processes:
    pid   pid_target  process       target process
    3876  2532        WerFault.exe  IePZajh9fm9DACV.exe
Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes:
    description                pid   process
    Token: SeRestorePrivilege  3876  WerFault.exe
    Token: SeBackupPrivilege   3876  WerFault.exe
    Token: SeDebugPrivilege    3876  WerFault.exe
Suspicious behavior: EnumeratesProcesses (13 IoCs)
  Processes:
    pid   process
    3876  WerFault.exe (13 occurrences)
Processes
1. C:\Users\Admin\AppData\Local\Temp\IePZajh9fm9DACV.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\IePZajh9fm9DACV.exe"
   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 1168
      Signatures: Program crash; Suspicious use of AdjustPrivilegeToken; Suspicious behavior: EnumeratesProcesses