Analysis
max time kernel: 135s
max time network: 101s
platform: windows10_x64
resource: win10v200430
submitted: 07-07-2020 09:45
Static task: static1

Behavioral task: behavioral1
Sample: Company Info.exe
Resource: win7 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: Company Info.exe
Resource: win10v200430 (windows10_x64)
0 signatures, 0 seconds
General
Target: Company Info.exe
Size: 869KB
MD5: 3619d3ebb45aa02a640af44be1c1cda1
SHA1: b38e409b0226de9221201d2be44c08f633b4106e
SHA256: 0c3a54b9d65c5d6aff6d565f3fd50be5db7c7a9f8a14bf760b82e65d4de24730
SHA512: e574e52e0cd56a7f7a5bd687123a552cb92dd9373518930bb6d4423495e8629cdbefa7bc5d8a30e20fa0a944ad1d8a6e567aeaf0054a91eac085b594635d49eb
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
pid: 2744, pid_target: 3160, Process: WerFault.exe, procid_target: 66

Suspicious use of AdjustPrivilegeToken (3 IoCs)
Token: SeRestorePrivilege, pid 2744, WerFault.exe
Token: SeBackupPrivilege, pid 2744, WerFault.exe
Token: SeDebugPrivilege, pid 2744, WerFault.exe

Suspicious behavior: EnumeratesProcesses (13 IoCs)
pid 2744, WerFault.exe (listed 13 times)
Processes

1. C:\Users\Admin\AppData\Local\Temp\Company Info.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\Company Info.exe"
   PID: 3160

   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 1168
      PID: 2744
      - Program crash
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious behavior: EnumeratesProcesses