Analysis
max time kernel: 122s
max time network: 125s
platform: windows10_x64
resource: win10
submitted: 09-07-2020 14:30
Static task: static1

Behavioral task: behavioral1
Sample: Detalles del banco.exe
Resource: win7v200430 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: Detalles del banco.exe
Resource: win10 (windows10_x64)
0 signatures, 0 seconds
General
Target: Detalles del banco.exe
Size: 608KB
MD5: 685117bc150a0c93613817fc244eeb76
SHA1: 0426a6167e475391dc9fc28a0caa86f2d9f0f36b
SHA256: f2209224cc5688ee6f73d6d5977b9bdba3996af5d4eb28b523910e4ffb84d313
SHA512: f5b9a32a3ff8e09195aa3cfed490ff646b5a1a3aeb7b9d5c276941393d7a47abc5c4518d14caea69c51c2068fb0ed3733da00545a66c8ed106182d39071d1c25
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
Processes:
  pid    pid_target    process         target process
  3008   3832          WerFault.exe    Detalles del banco.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs)
Processes:
  pid    process
  3832   Detalles del banco.exe
  3008   WerFault.exe (listed 13 times)

Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes:
  description                   pid    process
  Token: SeDebugPrivilege       3832   Detalles del banco.exe
  Token: SeRestorePrivilege     3008   WerFault.exe
  Token: SeBackupPrivilege      3008   WerFault.exe
  Token: SeDebugPrivilege       3008   WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\Detalles del banco.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Detalles del banco.exe"
  PID: 3832
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 1272
    PID: 3008
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken