Analysis
- max time kernel: 135s
- max time network: 101s
- platform: windows10_x64
- resource: win10v200430
- submitted: 07-07-2020 09:45
Static task
- static1
Behavioral task
- behavioral1
- Sample: Company Info.exe
- Resource: win7 (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task
- behavioral2
- Sample: Company Info.exe
- Resource: win10v200430 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: Company Info.exe
- Size: 869KB
- MD5: 3619d3ebb45aa02a640af44be1c1cda1
- SHA1: b38e409b0226de9221201d2be44c08f633b4106e
- SHA256: 0c3a54b9d65c5d6aff6d565f3fd50be5db7c7a9f8a14bf760b82e65d4de24730
- SHA512: e574e52e0cd56a7f7a5bd687123a552cb92dd9373518930bb6d4423495e8629cdbefa7bc5d8a30e20fa0a944ad1d8a6e567aeaf0054a91eac085b594635d49eb
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid: 2744, pid_target: 3160, Process: WerFault.exe, procid_target: 66
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes: WerFault.exe
  description: Token: SeRestorePrivilege, pid: 2744, Process: WerFault.exe
  description: Token: SeBackupPrivilege, pid: 2744, Process: WerFault.exe
  description: Token: SeDebugPrivilege, pid: 2744, Process: WerFault.exe
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  Processes: WerFault.exe
  pid: 2744, Process: WerFault.exe (listed 13 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\Company Info.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Company Info.exe"
  PID: 3160
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 1168
    PID: 2744
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses