Analysis
max time kernel: 144s
max time network: 99s
platform: windows10_x64
resource: win10v200430
submitted: 09-07-2020 18:26
Static task: static1

Behavioral task: behavioral1
  Sample: ENQ 21019932.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: ENQ 21019932.exe
  Resource: win10v200430 (windows10_x64)
  0 signatures, 0 seconds
General
Target: ENQ 21019932.exe
Size: 555KB
MD5: d0e200db0aca6a1e1e380b5bccdfccba
SHA1: 6148e8e13ae3cabf19546ec9085416ccbaccad6b
SHA256: 7046b7932a10c62dfd330862369d68e1b235b27122187d55d619a4cf881bf2a7
SHA512: eabd77d01f13582e3d6d506be25999102d1aebddff4614aa6ca5844a175489a8c9e31977d5169838476fa980ed2dec71416a2472527ac07053b6f71adefd9f99
Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
  pid   pid_target   Process        procid_target
  2656  3824         WerFault.exe   65

Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid   Process
  2656  WerFault.exe   (13 identical entries)

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                 pid   Process
  Token: SeRestorePrivilege   2656  WerFault.exe
  Token: SeBackupPrivilege    2656  WerFault.exe
  Token: SeDebugPrivilege     2656  WerFault.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\ENQ 21019932.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\ENQ 21019932.exe"
   PID: 3824

   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 912
      PID: 2656
      Signatures:
        - Program crash
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of AdjustPrivilegeToken