Analysis
max time kernel: 63s
max time network: 110s
platform: windows10_x64
resource: win10
submitted: 08-07-2020 06:46
Static task: static1

Behavioral task: behavioral1
Sample: Transfer Form.scr
Resource: win7v200430, windows7_x64
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: Transfer Form.scr
Resource: win10, windows10_x64
0 signatures, 0 seconds
General
Target: Transfer Form.scr
Size: 959KB
MD5: de18b7e07da179adb8c5c3be4698f2be
SHA1: 331e367ccf667e27ccbb253a09e2dd91597811d7
SHA256: d5434b833a6b29c1f83aee2a0c8c5584467e495e452f7e6e676235b7e4870033
SHA512: 0f086bf6eafbff463ec6484c80317421f41e3b8b9e5dd62778dbd1f08e59e6bfaacad0c0eeed4d3228984450dbb7fae2fa6430e6a40c10929a14b82691448cb5
Score: 3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid: 3812, pid_target: 2512, Process: WerFault.exe, procid_target: 66
Suspicious behavior: EnumeratesProcesses 13 IoCs
pid: 3812, Process: WerFault.exe (listed 13 times)
Suspicious use of AdjustPrivilegeToken 3 IoCs
description: Token: SeRestorePrivilege, pid: 3812, Process: WerFault.exe
description: Token: SeBackupPrivilege, pid: 3812, Process: WerFault.exe
description: Token: SeDebugPrivilege, pid: 3812, Process: WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Transfer Form.scr
"C:\Users\Admin\AppData\Local\Temp\Transfer Form.scr" /S
PID:2512
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 1144
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3812
-