Analysis
max time kernel: 75s
max time network: 137s
platform: windows10_x64
resource: win10
submitted: 09-07-2020 18:41
Static task: static1

Behavioral task: behavioral1
  Sample: f635d6dbb86f7d946250514c9ccb7db0.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: f635d6dbb86f7d946250514c9ccb7db0.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General
Target: f635d6dbb86f7d946250514c9ccb7db0.exe
Size: 256KB
MD5: f635d6dbb86f7d946250514c9ccb7db0
SHA1: f11402b0dba9a9c81399c2f557b11deac2620c55
SHA256: 25babc8d9be2e6cc3cdd408fac70bea0d9c3f0c3480945d3bcb374c88b6f82c1
SHA512: e02ba39e68acd88724acda61ac1feb501a0d070022c22863e7dd2fa2dc160a15d56e302a5ad1ad200d70091098d764c542cdf88d88d917d5f988ae36d80d9d9c
Score: 3/10
Malware Config
(none extracted)

Signatures

Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  3500  3068        WerFault.exe  66

Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid   Process
  3500  WerFault.exe  (same pid/process reported 13 times)

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description               pid   Process
  Token: SeRestorePrivilege  3500  WerFault.exe
  Token: SeBackupPrivilege   3500  WerFault.exe
  Token: SeDebugPrivilege    3500  WerFault.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\f635d6dbb86f7d946250514c9ccb7db0.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\f635d6dbb86f7d946250514c9ccb7db0.exe"
   PID: 3068

   2. C:\Windows\SysWOW64\WerFault.exe (child of PID 3068)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 1172
      Signatures: Program crash; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
      PID: 3500