Analysis
max time kernel: 65s
max time network: 110s
platform: windows10_x64
resource: win10
submitted: 08-07-2020 06:47
Static task
static1
Behavioral task
behavioral1
Sample
7599525244gZ.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
7599525244gZ.exe
Resource
win10
windows10_x64
0 signatures
0 seconds
General
Target: 7599525244gZ.exe
Size: 883KB
MD5: 89f79b70ca375bcf96333974bac723f0
SHA1: ce93da121de90a87a93b09a98f2d3564afe75079
SHA256: 81967adfc60e1b5895f81d7bc1d1fdcb000f451a1524d56f831f43232b6841ff
SHA512: e709a0b0ea790dc0b8bbed49d037cf18ce62f068b4fca480f5d8eccf9bd8a1aa9d84847a55a10695a7436dca4e6f253682695660c2ac4eab9b1cd4a7c5ecc982
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
pid    pid_target  Process       procid_target
3828   3588        WerFault.exe  66

Suspicious use of AdjustPrivilegeToken (3 IoCs)
description                 pid    Process
Token: SeRestorePrivilege   3828   WerFault.exe
Token: SeBackupPrivilege    3828   WerFault.exe
Token: SeDebugPrivilege     3828   WerFault.exe

Suspicious behavior: EnumeratesProcesses (13 IoCs)
pid    Process
3828   WerFault.exe
3828   WerFault.exe
3828   WerFault.exe
3828   WerFault.exe
3828   WerFault.exe
3828   WerFault.exe
3828   WerFault.exe
3828   WerFault.exe
3828   WerFault.exe
3828   WerFault.exe
3828   WerFault.exe
3828   WerFault.exe
3828   WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\7599525244gZ.exe
  "C:\Users\Admin\AppData\Local\Temp\7599525244gZ.exe"
  PID:3588
  C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 1148
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses
    PID:3828