Analysis
max time kernel: 151s
max time network: 106s
platform: windows10_x64
resource: win10v200430
submitted: 08-07-2020 11:56
Static task: static1

Behavioral task: behavioral1
Sample: cd759300c8e46a70f35f4242e75b987beb809b89f244d7a7235dc33b868e245f.exe
Resource: win7 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: cd759300c8e46a70f35f4242e75b987beb809b89f244d7a7235dc33b868e245f.exe
Resource: win10v200430 (windows10_x64)
0 signatures, 0 seconds
General
Target: cd759300c8e46a70f35f4242e75b987beb809b89f244d7a7235dc33b868e245f.exe
Size: 224KB
MD5: de8e255db63ba62ce08aafcada997a76
SHA1: d0c19ad11433c5528e6f4c46a34b271d34cfcef7
SHA256: cd759300c8e46a70f35f4242e75b987beb809b89f244d7a7235dc33b868e245f
SHA512: ff10b8b5d6117f689b8cbf9acb083d353407fadcc3351a5dba6fa44ca6b58967f30ce4bd8da1545fa8fbb6b226b7ed4e93725e5b3b5ef17fbb7539d0122d9d74
Score: 3/10
Malware Config

Signatures

Program crash (1 IoC)
pid   pid_target  Process       procid_target
2316  2564        WerFault.exe  65

Suspicious use of AdjustPrivilegeToken (3 IoCs)
description                pid   Process
Token: SeRestorePrivilege  2316  WerFault.exe
Token: SeBackupPrivilege   2316  WerFault.exe
Token: SeDebugPrivilege    2316  WerFault.exe

Suspicious behavior: EnumeratesProcesses (13 IoCs)
pid   Process
2316  WerFault.exe  (13 identical entries)
Processes

C:\Users\Admin\AppData\Local\Temp\cd759300c8e46a70f35f4242e75b987beb809b89f244d7a7235dc33b868e245f.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\cd759300c8e46a70f35f4242e75b987beb809b89f244d7a7235dc33b868e245f.exe"
    PID: 2564

    C:\Windows\SysWOW64\WerFault.exe (child of PID 2564)
        Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 932
        Signatures: Program crash; Suspicious use of AdjustPrivilegeToken; Suspicious behavior: EnumeratesProcesses
        PID: 2316