Analysis
- max time kernel: 148s
- max time network: 148s
- platform: windows10_x64
- resource: win10
- submitted: 09-07-2020 12:17
Static task
- static1

Behavioral task
- behavioral1
- Sample: Detalles del banco.exe
- Resource: win7v200430 (windows7_x64)
- 0 signatures
- 0 seconds

Behavioral task
- behavioral2
- Sample: Detalles del banco.exe
- Resource: win10 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: Detalles del banco.exe
- Size: 610KB
- MD5: 8ee663b59c093fa22f1253acc679ec41
- SHA1: e151bc43031a0ebe8c3c90a77bfa7a4d47b71c7e
- SHA256: f9bd72771da7917018cfca8a80bb7dad2e8e029aedcd8851c320256243c5e9db
- SHA512: b5c0fdd43dcbff73b77d8690b6021a0f1c708299b43915b708f41d8338a4463da2043f936a76c60d04b5f9e13bc79f0338fc0b6a0e1e8ad12d4efb922ed48fab

Score
3/10
Malware Config
Signatures

Program crash (1 IoCs)
Processes:
  pid    pid_target   process        target process
  3948   3588         WerFault.exe   Detalles del banco.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs)
Processes:
  pid    process
  3588   Detalles del banco.exe
  3948   WerFault.exe (repeated 13 times)

Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes:
  description                    pid    process
  Token: SeDebugPrivilege        3588   Detalles del banco.exe
  Token: SeRestorePrivilege      3948   WerFault.exe
  Token: SeBackupPrivilege       3948   WerFault.exe
  Token: SeDebugPrivilege        3948   WerFault.exe
Processes

C:\Users\Admin\AppData\Local\Temp\Detalles del banco.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Detalles del banco.exe"
  PID: 3588
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken

  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 1296
    PID: 3948
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken