Analysis
-
max time kernel
65s -
max time network
99s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
08-07-2020 14:20
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Purchase Order.exe
Resource
win10v200430
windows10_x64
0 signatures
0 seconds
General
-
Target
Purchase Order.exe
-
Size
796KB
-
MD5
9c855254c998da988ee359119c6bfbcd
-
SHA1
4e673163f312fb8334c93c5ab1bf7fd7e7f81f9c
-
SHA256
8100b701682e9fb7c4165631216913054e2e201f4cd63274ff1151ade42098c9
-
SHA512
715d61ab364cd879c4da76732a8cdafcf2ccd80be2330a00b1dc6580c62a5996b85b4469c9ca6bbb276208118114f1f1b5bf77f7cd6dc0023a92f8633cbb62a4
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2164 2564 WerFault.exe Purchase Order.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exedescription pid process Token: SeRestorePrivilege 2164 WerFault.exe Token: SeBackupPrivilege 2164 WerFault.exe Token: SeDebugPrivilege 2164 WerFault.exe -
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes:
WerFault.exepid process 2164 WerFault.exe 2164 WerFault.exe 2164 WerFault.exe 2164 WerFault.exe 2164 WerFault.exe 2164 WerFault.exe 2164 WerFault.exe 2164 WerFault.exe 2164 WerFault.exe 2164 WerFault.exe 2164 WerFault.exe 2164 WerFault.exe 2164 WerFault.exe 2164 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe"C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe"1⤵PID:2564
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 11442⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:2164