Analysis
max time kernel: 135s
max time network: 138s
platform: windows10_x64
resource: win10
submitted: 09-07-2020 08:27
Static task: static1
Behavioral task: behavioral1
  Sample: PO_287109139.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: PO_287109139.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General
Target: PO_287109139.exe
Size: 737KB
MD5: 5df31efe4011afb75d9fddbc55387de0
SHA1: f6eee466fb7425254f0884dbb5c49e3849eadef1
SHA256: 3e5ee9e4d00a17bd606a38740500770ddc552e664e3b02770d9897b3ba4423b3
SHA512: 98f4877b25a2fb81cd4304351274be959c9059576a0fdd72a359f9f024060e27261f3a36b06ee4e4080e85d09136587a4f2d260c56ea0f43f3528cfbfbcefd21
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
  pid: 3456  pid_target: 3108  Process: WerFault.exe  procid_target: 66
Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid: 3456  Process: WerFault.exe  (13 identical entries)
Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Token: SeRestorePrivilege  pid: 3456  Process: WerFault.exe
  Token: SeBackupPrivilege   pid: 3456  Process: WerFault.exe
  Token: SeDebugPrivilege    pid: 3456  Process: WerFault.exe
Processes
PID 3108 (depth 1): C:\Users\Admin\AppData\Local\Temp\PO_287109139.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\PO_287109139.exe"
PID 3456 (depth 2): C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 1148
  Signatures: Program crash; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken