Analysis
- max time kernel: 117s
- max time network: 120s
- platform: windows10_x64
- resource: win10
- submitted: 07-07-2020 08:41
Static task: static1
Behavioral task: behavioral1
- Sample: HALKBANK.exe
- Resource: win7 (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: HALKBANK.exe
- Resource: win10 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: HALKBANK.exe
- Size: 1.9MB
- MD5: 50c28ec3b4d36ef6d94c9ee44669d5c6
- SHA1: e1fa59975732f319ee3543721946c9bdbddcdd7d
- SHA256: 8424b5a86327251f934d4e4526de3d48b942c0953a866f84de2d7bb19a5fbc04
- SHA512: f6bd95acce6103f8111f3b510c64de731733b0e5ccde6313ba55193667d22a0cc5f076672b25ea30fc58e50e164ab8149541dd0a79ece6e26c54d27272b6cdc1
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
Processes:
| pid | pid_target | process | target process |
|---|---|---|---|
| 3312 | 3060 | WerFault.exe | HALKBANK.exe |
- Suspicious behavior: EnumeratesProcesses (15 IoCs)
Processes:
| pid | process |
|---|---|
| 3060 | HALKBANK.exe |
| 3312 | WerFault.exe (listed 14 times) |
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes:
| description | pid | process |
|---|---|---|
| Token: SeDebugPrivilege | 3060 | HALKBANK.exe |
| Token: SeRestorePrivilege | 3312 | WerFault.exe |
| Token: SeBackupPrivilege | 3312 | WerFault.exe |
| Token: SeDebugPrivilege | 3312 | WerFault.exe |
Processes
- C:\Users\Admin\AppData\Local\Temp\HALKBANK.exe (PID: 3060, depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\HALKBANK.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - C:\Windows\SysWOW64\WerFault.exe (PID: 3312, depth 2)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 936
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken