Analysis
max time kernel: 138s
max time network: 103s
platform: windows10_x64
resource: win10v200430
submitted: 09-07-2020 06:31
Static task: static1
Behavioral task: behavioral1
Sample: PO-75463545.exe
Resource: win7 (windows7_x64)
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: PO-75463545.exe
Resource: win10v200430 (windows10_x64)
0 signatures
0 seconds
General
Target: PO-75463545.exe
Size: 407KB
MD5: 3e03e5761d8383e715dbd6448806b72a
SHA1: b165feb289ff4d2a8622a7a8f9ac287bce8f0388
SHA256: a88128dd100fe7852a7ddf40b9ba6725c66cb3073c017f6c74245bc493b88eb9
SHA512: d8d71b8d8aff43627c07e6a6843aa824ab02bf279f4c1363e70b31453dcf7ed431c67c6e98588a1008b352c229b761816b08ff77b721730ab9272b8d3b9c3e82
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
  pid   pid_target  Process       procid_target
  2256  3724        WerFault.exe  65
Suspicious use of AdjustPrivilegeToken 3 IoCs
  description                pid   Process
  Token: SeRestorePrivilege  2256  WerFault.exe
  Token: SeBackupPrivilege   2256  WerFault.exe
  Token: SeDebugPrivilege    2256  WerFault.exe
Suspicious behavior: EnumeratesProcesses 13 IoCs
  pid   Process
  2256  WerFault.exe (listed 13 times)
Processes
1. PID: 3724
   Image: C:\Users\Admin\AppData\Local\Temp\PO-75463545.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\PO-75463545.exe"
2. PID: 2256
   Image: C:\Windows\SysWOW64\WerFault.exe
   Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 928
   - Program crash
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious behavior: EnumeratesProcesses