Analysis
- max time kernel: 146s
- max time network: 152s
- platform: windows10_x64
- resource: win10
- submitted: 10-07-2020 07:35
Static task: static1

Behavioral task: behavioral1
- Sample: purchase list.exe
- Resource: win7v200430 (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: purchase list.exe
- Resource: win10 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: purchase list.exe
- Size: 342KB
- MD5: d6f63695191aecfe9c2a83523e2dce38
- SHA1: d68c0ab1f06ee7a8da74badc7d36f5ad619efb1b
- SHA256: df745e4434b953ab404e59ef73608a9f3148fa7d629a28b7401c295efdf618b6
- SHA512: 1165bd682e1c508752a1facab8603283ed9104c360d35c09cae7991e0f6c69d1851d34c6392ddef55e52e4bf266104bf218ea002332fdb19f9763c92a8b41fa6

Score: 3/10
Malware Config

Signatures
- Program crash (1 IoC)
  Processes:
  WerFault.exe (pid 3828), target pid 732, target process purchase list.exe
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes:
  WerFault.exe (pid 3828): Token: SeRestorePrivilege
  WerFault.exe (pid 3828): Token: SeBackupPrivilege
  WerFault.exe (pid 3828): Token: SeDebugPrivilege
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  Processes:
  WerFault.exe (pid 3828), 13 occurrences
Processes
- C:\Users\Admin\AppData\Local\Temp\purchase list.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\purchase list.exe"
  PID: 732
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 732 -s 912
    PID: 3828
    Signatures: Program crash; Suspicious use of AdjustPrivilegeToken; Suspicious behavior: EnumeratesProcesses