Analysis
max time kernel: 73s
max time network: 110s
platform: windows10_x64
resource: win10
submitted: 10-07-2020 17:44
Static task
static1
Behavioral task
behavioral1
Sample: SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe
Resource: win7v200430 (windows7_x64)
0 signatures
0 seconds
Behavioral task
behavioral2
Sample: SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe
Resource: win10 (windows10_x64)
0 signatures
0 seconds
General
Target: SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe
Size: 288KB
MD5: 9d4c81c16699da96cacc73cabaaf9fb4
SHA1: 10ff1580fb137006d2e396ee9432ff4a84b409b7
SHA256: 0638b1723d45eb9fbbf4db0428aeb59b08da4082779c361ae881445ef35bb6d4
SHA512: 9ce9fecf3921ba70e9e0a92400439d842073d1cc5f52e16f06a4c4259622ea42d4314b8700edd7e24a6b34276e29b93eb7100f5a0a6f774048c96a1bdf23b0c0
Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
pid    pid_target    Process         procid_target
3820   2976          WerFault.exe    66

Suspicious use of AdjustPrivilegeToken (3 IoCs)
description                  pid    Process
Token: SeRestorePrivilege    3820   WerFault.exe
Token: SeBackupPrivilege     3820   WerFault.exe
Token: SeDebugPrivilege      3820   WerFault.exe

Suspicious behavior: EnumeratesProcesses (13 IoCs)
pid    Process
3820   WerFault.exe    (the same entry is reported 13 times)
Processes

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe"
    PID: 2976

    C:\Windows\SysWOW64\WerFault.exe (child of PID 2976)
        Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 1152
        PID: 3820
        Signatures: Program crash; Suspicious use of AdjustPrivilegeToken; Suspicious behavior: EnumeratesProcesses