Analysis
-
max time kernel
75s -
max time network
146s -
platform
windows10_x64 -
resource
win10 -
submitted
10-07-2020 17:42
Static task
static1
Behavioral task
behavioral1
Sample
Image001.exe
Resource
win7
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Image001.exe
Resource
win10
0 signatures
0 seconds
General
-
Target
Image001.exe
-
Size
652KB
-
MD5
9ad127f4f4d28ea19395cb16c194f23d
-
SHA1
21ce15a2f1ee49d7420ea368e51cf92b61028a4c
-
SHA256
9c1f76b540f055b2b6131cde2f6896e73f3e0170070c0551d90d20364156d32c
-
SHA512
b3e6f896c4d0747e0d575b1abc63eb96eb0cd791bce21275c44b58731494fa143f1ba03ea6185ee1d3c25366c32e8b26bdefdd4624f0f9780e3e8fcc64665d13
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 3004 748 WerFault.exe Image001.exe -
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
WerFault.exepid process 3004 WerFault.exe 3004 WerFault.exe 3004 WerFault.exe 3004 WerFault.exe 3004 WerFault.exe 3004 WerFault.exe 3004 WerFault.exe 3004 WerFault.exe 3004 WerFault.exe 3004 WerFault.exe 3004 WerFault.exe 3004 WerFault.exe 3004 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exedescription pid process Token: SeRestorePrivilege 3004 WerFault.exe Token: SeBackupPrivilege 3004 WerFault.exe Token: SeDebugPrivilege 3004 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Image001.exe"C:\Users\Admin\AppData\Local\Temp\Image001.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 9002⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken