Analysis
- max time kernel: 136s
- max time network: 103s
- platform: windows10_x64
- resource: win10v200430
- submitted: 07-07-2020 06:08
Static task: static1
Behavioral task: behavioral1
- Sample: JCwZyb0zjyDTDj3.exe
- Resource: win7 (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: JCwZyb0zjyDTDj3.exe
- Resource: win10v200430 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: JCwZyb0zjyDTDj3.exe
- Size: 554KB
- MD5: fd714befdd56479148dde38f6f788bf1
- SHA1: 9decbf37221b47dd3aef363b6cb7a388544bcc87
- SHA256: 4302e25b6146e3e0bdf666ae8d3e803ead6b993685a3c4ff3ca98d0b36d7766e
- SHA512: 77062a718fedef9daffbd1b294795603e3731a18ce306fe1065c745ced8cca452efc3cd9cefe50fdbae74a4230ca77958212b9f345ace6982afab9135870eb15
- Score: 3/10
The low score should be read together with the process tree and signatures below: the sample (PID 2804) crashed shortly after launch, and every signature hit in this run belongs to WerFault.exe (PID 2732), the crash handler spawned for it, not to the sample itself. The run therefore says little about what the binary does when it executes normally.
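Before pivoting on a report like this, confirm that the file on your disk is the one the report describes. The following is an added example, not part of the original report or of the sandbox's code: it computes all four digests in a single pass and compares them with the values copied from the General section above. The file path is whatever you pass in; the sample bytes used for testing are constructed.

```python
"""Verify that a local file is the sample described in the General section.

Added example; not part of the original report or of the sandbox's code.
The digests are copied from the report; the file path you pass in is your own.
"""
import hashlib

# Digests published in the report's General section for JCwZyb0zjyDTDj3.exe.
REPORT_DIGESTS = {
    "md5": "fd714befdd56479148dde38f6f788bf1",
    "sha1": "9decbf37221b47dd3aef363b6cb7a388544bcc87",
    "sha256": "4302e25b6146e3e0bdf666ae8d3e803ead6b993685a3c4ff3ca98d0b36d7766e",
    "sha512": "77062a718fedef9daffbd1b294795603e3731a18ce306fe1065c745ced8cca452efc3cd9cefe50fdbae74a4230ca77958212b9f345ace6982afab9135870eb15",
}


def _digest_chunks(chunks):
    """Feed every chunk to all four hashers in one pass over the data."""
    hashers = {name: hashlib.new(name) for name in REPORT_DIGESTS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> dict:
    """Digest an in-memory blob (used for small inputs and for testing)."""
    return _digest_chunks([data])


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Stream the file so a large sample never has to fit in memory."""
    with open(path, "rb") as f:
        return _digest_chunks(iter(lambda: f.read(chunk_size), b""))


def compare(actual: dict, expected: dict = REPORT_DIGESTS) -> dict:
    """Per-algorithm match flags. Hex case differs between feeds, so normalise
    before comparing; a missing algorithm counts as a mismatch."""
    return {name: actual.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def is_reported_sample(path) -> bool:
    """True only when every digest listed in the report matches the file."""
    return all(compare(digest_file(path)).values())


if __name__ == "__main__":
    import sys
    for name, ok in compare(digest_file(sys.argv[1])).items():
        print(f"{name:7s} {'match' if ok else 'MISMATCH'}")
```

Requiring all four digests to agree, rather than MD5 alone, means a collision in one weak algorithm cannot make an unrelated file pass as the reported sample.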
Malware Config
Signatures
- Program crash (1 IoC)
  pid    pid_target   Process        procid_target
  2732   2804         WerFault.exe   65
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                 pid    Process
  Token: SeRestorePrivilege   2732   WerFault.exe
  Token: SeBackupPrivilege    2732   WerFault.exe
  Token: SeDebugPrivilege     2732   WerFault.exe
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid    Process
  2732   WerFault.exe   (13 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\JCwZyb0zjyDTDj3.exe (PID 2804, depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\JCwZyb0zjyDTDj3.exe"
  - C:\Windows\SysWOW64\WerFault.exe (PID 2732, depth 2)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 1164
    (-p 2804 names the crashed process, i.e. the sample; this matches pid_target in the Program crash signature)
    Signatures: Program crash; Suspicious use of AdjustPrivilegeToken; Suspicious behavior: EnumeratesProcesses
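When a sandbox run ends in WerFault.exe, the signature tables need to be re-attributed before anything is concluded about the sample. The following is an added example, not part of the report or of the sandbox's code: it transcribes the process tree and signature tables above into records, resolves which process each WerFault.exe instance was launched for from its -p switch, and splits every signature hit into "raised by the sample" versus "raised by the crash handler". The -p parsing assumes, as the tree above shows for PID 2804, that -p carries the PID of the crashed process; the nesting of WerFault.exe under the sample is taken from the tree as printed.

```python
"""Attribute sandbox signature hits to the sample or to its crash handler.

Added example; not part of the original report or of the sandbox's code.
PROCESSES and SIGNATURES are transcribed from the report's Processes and
Signatures sections. Assumption: WerFault.exe's "-p <pid>" switch names the
crashed process, which is what the tree shows for PID 2804.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed from the Processes section of the report.
PROCESSES = [
    {"pid": 2804, "parent": None,
     "image": r"C:\Users\Admin\AppData\Local\Temp\JCwZyb0zjyDTDj3.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\JCwZyb0zjyDTDj3.exe"'},
    {"pid": 2732, "parent": 2804,  # nested under the sample in the tree as printed
     "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 1164"},
]

# Constructed from the Signatures section: (signature name, PID of each IoC row).
SIGNATURES = [
    ("Program crash", [2732]),
    ("Suspicious use of AdjustPrivilegeToken", [2732] * 3),
    ("Suspicious behavior: EnumeratesProcesses", [2732] * 13),
]

# Match "...werfault.exe ... -p <pid>" regardless of path or case.
_WERFAULT_RE = re.compile(r"werfault\.exe\b.*?-p\s+(\d+)", re.IGNORECASE)


def werfault_target(cmdline: str):
    """PID named by -p in a WerFault.exe command line, or None for anything else."""
    m = _WERFAULT_RE.search(cmdline)
    return int(m.group(1)) if m else None


def crash_map(processes):
    """Map crash-handler PID -> crashed PID for every WerFault.exe in the tree."""
    result = {}
    for p in processes:
        if PureWindowsPath(p["image"]).name.lower() == "werfault.exe":
            target = werfault_target(p["cmdline"])
            if target is not None:
                result[p["pid"]] = target
    return result


def attribute_signatures(signatures, processes, sample_pid):
    """Per signature, count IoC rows by origin: sample, crash_handler or other."""
    handlers = crash_map(processes)
    per_sig = {}
    for name, pids in signatures:
        counts = Counter()
        for pid in pids:
            if pid == sample_pid:
                counts["sample"] += 1
            elif pid in handlers:
                counts["crash_handler"] += 1
            else:
                counts["other"] += 1
        per_sig[name] = dict(counts)
    return per_sig


def triage(processes, signatures, sample_pid):
    """Summarise whether the sample crashed and who actually produced the hits."""
    handlers = crash_map(processes)
    per_sig = attribute_signatures(signatures, processes, sample_pid)
    totals = Counter()
    for counts in per_sig.values():
        totals.update(counts)
    return {
        "sample_crashed": sample_pid in handlers.values(),
        "crash_handler_pids": sorted(handlers),
        "hits_from_sample": totals["sample"],
        "hits_from_crash_handler": totals["crash_handler"],
        "hits_other": totals["other"],
        "per_signature": per_sig,
    }


if __name__ == "__main__":
    summary = triage(PROCESSES, SIGNATURES, sample_pid=2804)
    for key, value in summary.items():
        print(f"{key}: {value}")
```

For this report the summary shows 0 hits from the sample and 17 from the crash handler, which is the basis for treating the 3/10 score as "did not run" rather than "ran cleanly". The same function applied to a run where the sample's own PID appears in the signature rows would report those hits separately.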