Analysis
max time kernel: 136s
max time network: 137s
platform: windows10_x64
resource: win10
submitted: 09-07-2020 13:46
Static task
static1
Behavioral task
behavioral1
Sample: 8109e1b1ea98b06d4e7eb7753b6a17ed3670c959859e543fbeace72f96bbc1fd.exe
Resource: win7v200430, windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample: 8109e1b1ea98b06d4e7eb7753b6a17ed3670c959859e543fbeace72f96bbc1fd.exe
Resource: win10, windows10_x64
0 signatures
0 seconds
General
Target: 8109e1b1ea98b06d4e7eb7753b6a17ed3670c959859e543fbeace72f96bbc1fd.exe
Size: 6KB
MD5: 56a237b110e6372c174ac23c9e5b7602
SHA1: 8fe983d58a22b447fd76b8a7ce5ef15d1b4341d3
SHA256: 8109e1b1ea98b06d4e7eb7753b6a17ed3670c959859e543fbeace72f96bbc1fd
SHA512: e1facf22a981a5ea30b3bcae1fc2772bda0a44c663c9b17d1784a1e0447236b3ed6f267bcf50fb16980aea74d681891a10871252fb51f13ed1f203df4bbef7f9
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
pid    pid_target    Process         procid_target
3936   3588          WerFault.exe    66
Suspicious use of AdjustPrivilegeToken 3 IoCs
description                   pid    Process
Token: SeRestorePrivilege     3936   WerFault.exe
Token: SeBackupPrivilege      3936   WerFault.exe
Token: SeDebugPrivilege       3936   WerFault.exe
Suspicious behavior: EnumeratesProcesses 13 IoCs
pid    Process
3936   WerFault.exe
3936   WerFault.exe
3936   WerFault.exe
3936   WerFault.exe
3936   WerFault.exe
3936   WerFault.exe
3936   WerFault.exe
3936   WerFault.exe
3936   WerFault.exe
3936   WerFault.exe
3936   WerFault.exe
3936   WerFault.exe
3936   WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\8109e1b1ea98b06d4e7eb7753b6a17ed3670c959859e543fbeace72f96bbc1fd.exe
"C:\Users\Admin\AppData\Local\Temp\8109e1b1ea98b06d4e7eb7753b6a17ed3670c959859e543fbeace72f96bbc1fd.exe"
PID:3588
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 1004
  - Program crash
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  PID:3936