Analysis
- max time kernel: 135s
- max time network: 100s
- platform: windows10_x64
- resource: win10v200430
- submitted: 09-07-2020 15:14
Static task: static1

Behavioral task: behavioral1
- Sample: Orden de compra Scan_20200708_0935130.exe
- Resource: win7 (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: Orden de compra Scan_20200708_0935130.exe
- Resource: win10v200430 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: Orden de compra Scan_20200708_0935130.exe
- Size: 547KB
- MD5: 66c29fafcbc0ceb7cf119cbf2d66f674
- SHA1: c27ecff04c022e6c0a6339b668dadee831cd6ed6
- SHA256: 9549de756b08b36a2f827b0a1e721eff0365f4586c74b3732a78f1afdf471a32
- SHA512: 19092c3a9c91ece5007fe955d067f05e792efa78bfd55280365538019f0aa4136ba79537df68069a751118341f11aa55a9e3c44fdda8573a02d3ab6761e03009
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  2744  2804        WerFault.exe  65
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid   Process
  2744  WerFault.exe  (same entry repeated 13 times)
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                pid   Process
  Token: SeRestorePrivilege  2744  WerFault.exe
  Token: SeBackupPrivilege   2744  WerFault.exe
  Token: SeDebugPrivilege    2744  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Orden de compra Scan_20200708_0935130.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Orden de compra Scan_20200708_0935130.exe"
  PID: 2804
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 1136
    Signatures:
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID: 2744
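Every signature in this report is attributed to PID 2744, WerFault.exe, not to the submitted sample (PID 2804). WerFault's `-p 2804` switch names the process that faulted, and the crash reporter enabling SeDebugPrivilege to read the dying process is its normal job, so the three token hits say nothing about the sample's own behaviour. The script below, an added example that is not the sandbox's code, correlates a process tree with signature hits in the way a triage analyst reads this page: it recovers the `Program crash` pid -> pid_target pair from the WerFault command line and separates hits produced by the sample from hits produced by its crash reporter. The process list and hit list are constructed from the report above; all function, class and constant names are hypothetical.

```python
"""Correlate a sandbox process tree with its signature hits.

Added example; not code from the sandbox or from the report above. The
process list and signature hits are constructed to mirror the report, and
every function, class and constant name here is hypothetical.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str          # full image path as the report shows it
    cmdline: str
    parent: Optional[int]


@dataclass(frozen=True)
class Hit:
    signature: str
    pid: int
    detail: str = ""    # e.g. the token name for AdjustPrivilegeToken


# Constructed to mirror the Processes section of the report.
PROCS: List[Proc] = [
    Proc(2804,
         r"C:\Users\Admin\AppData\Local\Temp\Orden de compra Scan_20200708_0935130.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\Orden de compra Scan_20200708_0935130.exe"',
         None),
    Proc(2744,
         r"C:\Windows\SysWOW64\WerFault.exe",
         r"C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 1136",
         2804),
]

# Constructed to mirror the Signatures section: 1 crash, 13 enumeration
# hits, 3 privilege-token hits, all on PID 2744.
HITS: List[Hit] = [
    Hit("Program crash", 2744),
    *[Hit("Suspicious behavior: EnumeratesProcesses", 2744) for _ in range(13)],
    Hit("Suspicious use of AdjustPrivilegeToken", 2744, "SeRestorePrivilege"),
    Hit("Suspicious use of AdjustPrivilegeToken", 2744, "SeBackupPrivilege"),
    Hit("Suspicious use of AdjustPrivilegeToken", 2744, "SeDebugPrivilege"),
]

# WerFault's -p switch carries the PID of the faulting process; the -s value
# is deliberately left uninterpreted here.
_P_FLAG = re.compile(r"(?:^|\s)-p\s+(\d+)(?=\s|$)")


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def werfault_target(proc: Proc) -> Optional[int]:
    """PID named by WerFault's -p switch, or None for any other image."""
    if basename(proc.image) != "werfault.exe":
        return None
    m = _P_FLAG.search(proc.cmdline)
    return int(m.group(1)) if m else None


def crash_iocs(procs: List[Proc]) -> List[Dict[str, object]]:
    """Rebuild the 'Program crash' IoC rows: WerFault pid -> pid_target."""
    by_pid = {p.pid: p for p in procs}
    rows: List[Dict[str, object]] = []
    for p in procs:
        target = werfault_target(p)
        if target is None:
            continue
        victim = by_pid.get(target)
        rows.append({
            "pid": p.pid,
            "pid_target": target,
            "target_image": basename(victim.image) if victim else None,
        })
    return rows


def attribute_hits(procs: List[Proc], hits: List[Hit]) -> Dict[str, Set[str]]:
    """Signature name -> set of image basenames whose PIDs produced it."""
    by_pid = {p.pid: p for p in procs}
    out: Dict[str, Set[str]] = {}
    for h in hits:
        p = by_pid.get(h.pid)
        out.setdefault(h.signature, set()).add(
            basename(p.image) if p else f"pid:{h.pid}")
    return out


def sample_behaviour(hits: List[Hit], sample_pid: int) -> List[str]:
    """Signatures the submitted sample itself triggered, not its crash reporter."""
    return sorted({h.signature for h in hits if h.pid == sample_pid})


if __name__ == "__main__":
    for row in crash_iocs(PROCS):
        print("crash:", row)
    for sig, images in attribute_hits(PROCS, HITS).items():
        print(f"{sig}: {sorted(images)}")
    print("sample-only signatures:", sample_behaviour(HITS, 2804))
```

Run as-is it reports one crash row (2744 -> 2804, the sample), every signature attributed to werfault.exe, and an empty list of sample-only signatures, which is the reading behind the 3/10 score: the sample faulted before doing anything the sandbox could flag, so re-running it on the win7 resource or under a debugger to find the fault is the next step, not treating the WerFault privileges as malicious.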