Analysis
- max time kernel: 126s
- max time network: 150s
- platform: windows10_x64
- resource: win10v200430
- submitted: 30-06-2020 02:13
Static task: static1
Behavioral task: behavioral1
- Sample: a3c34cc.exe
- Resource: win7v200430, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: a3c34cc.exe
- Resource: win10v200430, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: a3c34cc.exe
- Size: 1.1MB
- MD5: 9b68fec360f13225cc8af186b4cf044c
- SHA1: be2ef22941dd50d3a096811422d90a28ae48d54f
- SHA256: 2ba1c6028593abc20b0f03b311123293b2503db0c76be21880dd26493fa0706f
- SHA512: 5d88af7fea23e24a63d6773b0badc6217d61d8b52141cb0d191a2f5dc9e908ac41f72c09dea886385d35b834e00a6831712a17c9c968696b1d74a9e228a2486c
Score: 10/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid: 1884; pid_target: 1628; process: WerFault.exe; target process: a3c34cc.exe
- Suspicious use of NtCreateProcessExOtherParentProcess (1 IoCs)
  Processes: WerFault.exe
  description: PID 1884 created 1628; pid: 1884; process: WerFault.exe; target process: a3c34cc.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: WerFault.exe
  description: Token: SeDebugPrivilege; pid: 1884; process: WerFault.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes: WerFault.exe
  pid: 1884; process: WerFault.exe (14 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\a3c34cc.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a3c34cc.exe"
- C:\Windows\system32\WerFault.exe
  Command line: C:\Windows\system32\WerFault.exe -u -p 1628 -s 136
  - Program crash
  - Suspicious use of NtCreateProcessExOtherParentProcess
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses