Analysis
- max time kernel: 135s
- max time network: 100s
- platform: windows10_x64
- resource: win10v200430
- submitted: 30-06-2020 05:57
Static task: static1
Behavioral task: behavioral1
- Sample: Bank Reciept.exe
- Resource: win7 (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: Bank Reciept.exe
- Resource: win10v200430 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: Bank Reciept.exe
- Size: 209KB
- MD5: 0207edc8cf65c2e87d4ce3e72cf4ad1f
- SHA1: 4ddda3e0700098a0dd64c44f78a5e2166b47d395
- SHA256: a440dca4a1559d04426c05899989e611bd77d55b3fe00713b70e1b4968c8f61b
- SHA512: a58c79ab3781cc4f2e12a563eb3243fe42ee28ad0838af25a41a50308e8dc246192a8471dc7b1edc8af8d48dd8864daa8531c59d8cdccba9f78c1532df838c79
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid   pid_target  process       target process
  2184  1516        WerFault.exe  Bank Reciept.exe
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes: WerFault.exe
  description                pid   process
  Token: SeRestorePrivilege  2184  WerFault.exe
  Token: SeBackupPrivilege   2184  WerFault.exe
  Token: SeDebugPrivilege    2184  WerFault.exe
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  Processes: WerFault.exe
  pid   process
  2184  WerFault.exe  (13 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\Bank Reciept.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Bank Reciept.exe"
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 900
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses