Analysis
max time kernel: 135s
max time network: 103s
platform: windows10_x64
resource: win10v200430
submitted: 09-07-2020 08:24
Static task
static1
Behavioral task
behavioral1
Sample
crypt.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
crypt.exe
Resource
win10v200430
windows10_x64
0 signatures
0 seconds
General
Target: crypt.exe
Size: 544KB
MD5: 522999de9b8ce418029ff040802697a9
SHA1: 11b2097d9ad93c6ce29e252a95c0b242f6be766f
SHA256: 7476dcf410a70085858f6941dd7b2eecfee947c2fc5f3119007fa32f46510bd2
SHA512: 0d6653623b16f3972cf81fa63037b55702b9790f5b0cdbfe6f1f03a11614c304720132c0c398a4017fa3bc61521adc4e2bf2022fa6097be2d85592b6528dcc6c
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid   pid_target  process       target process
2732  2804        WerFault.exe  crypt.exe
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
WerFault.exe
pid   process
2732  WerFault.exe
2732  WerFault.exe
2732  WerFault.exe
2732  WerFault.exe
2732  WerFault.exe
2732  WerFault.exe
2732  WerFault.exe
2732  WerFault.exe
2732  WerFault.exe
2732  WerFault.exe
2732  WerFault.exe
2732  WerFault.exe
2732  WerFault.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exe
description                 pid   process
Token: SeRestorePrivilege   2732  WerFault.exe
Token: SeBackupPrivilege    2732  WerFault.exe
Token: SeDebugPrivilege     2732  WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\crypt.exe
"C:\Users\Admin\AppData\Local\Temp\crypt.exe"
PID:2804
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 1140
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2732