Analysis
max time kernel: 120s
max time network: 142s
platform: windows10_x64
resource: win10v200430
submitted: 09-07-2020 18:50
Static task: static1

Behavioral task: behavioral1
  Sample: 137e5f7335c53e2955e6bb4fc30bebd4.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: 137e5f7335c53e2955e6bb4fc30bebd4.exe
  Resource: win10v200430 (windows10_x64)
  0 signatures, 0 seconds
General
Target: 137e5f7335c53e2955e6bb4fc30bebd4.exe
Size: 499KB
MD5: 137e5f7335c53e2955e6bb4fc30bebd4
SHA1: 685e6de70e0eac6012e81125176f85d2fb45c9d4
SHA256: be240aed297970b0e97f46ce8964784645c8bfeb7b4ffc451ab7857b7df8438f
SHA512: 5da31f49ac7cfdf695f43d07f4498d2445d579f88cece46abcc357bef8aa14683f590fc03cb9fe5ab19ec7ac233cc3993f87c558f54977a158b8871da6344ad7
Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
  pid   pid_target   Process        procid_target
  3732  1520         WerFault.exe   67

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                 pid   Process
  Token: SeRestorePrivilege   3732  WerFault.exe
  Token: SeBackupPrivilege    3732  WerFault.exe
  Token: SeDebugPrivilege     3732  WerFault.exe

Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid   Process
  3732  WerFault.exe   (13 identical entries)
Processes

1. C:\Users\Admin\AppData\Local\Temp\137e5f7335c53e2955e6bb4fc30bebd4.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\137e5f7335c53e2955e6bb4fc30bebd4.exe"
   PID: 1520

2. C:\Windows\SysWOW64\WerFault.exe (child of 1)
   Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 916
   PID: 3732
   Signatures:
   - Program crash
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious behavior: EnumeratesProcesses