Analysis
- max time kernel: 75s
- max time network: 150s
- platform: windows10_x64
- resource: win10
- submitted: 30-06-2020 15:10
Static task: static1
Behavioral task: behavioral1
- Sample: swift_7974.exe
- Resource: win7v200430, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: swift_7974.exe
- Resource: win10, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: swift_7974.exe
- Size: 484KB
- MD5: 475e1f8a737a1137a0935909184f8824
- SHA1: 15b9a691f4490c3c562e8bf5639f999c4cf95313
- SHA256: 0310713073d73da7a45ff957b3fdba84d8d6da70a91a8404c66561007d505d08
- SHA512: 1ff39b6bde5ae30072b43d9e9d32ce2256508656eca5dc7fccb0c0058f102371e9f5ca1ea3fb3b2ebe74f4aada43c62220cca2873dd6549effbe5deb4b8730fe
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid: 3644, pid_target: 772, process: WerFault.exe, target process: swift_7974.exe
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes: WerFault.exe
  description: Token: SeRestorePrivilege, pid: 3644, process: WerFault.exe
  description: Token: SeBackupPrivilege, pid: 3644, process: WerFault.exe
  description: Token: SeDebugPrivilege, pid: 3644, process: WerFault.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes: WerFault.exe
  pid: 3644, process: WerFault.exe (listed 14 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\swift_7974.exe
  "C:\Users\Admin\AppData\Local\Temp\swift_7974.exe"
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 1140
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses