Analysis
-
max time kernel
109s -
max time network
132s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
10-07-2020 17:56
Static task
static1
Behavioral task
behavioral1
Sample
PIMX19031201.ppt.csv.bat.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
PIMX19031201.ppt.csv.bat.exe
Resource
win10v200430
windows10_x64
0 signatures
0 seconds
General
-
Target
PIMX19031201.ppt.csv.bat.exe
-
Size
626KB
-
MD5
154b9a5a3f487ddffe4ab579b4556c1f
-
SHA1
34fa640eb96c22ce2feec3cd32d7d83b9c3cae81
-
SHA256
442e9a77e130db7f6d9802a6a87e942e71163e9030134ac8ab4d76af114aba60
-
SHA512
47f482eef3141edb0e7b865a40d5a9634598d84d52584a50c5887bb598199c4de8f244be131b482aa0ac49893627cdf0c757d682bde26246b157d91cc2fe0154
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 988 2416 WerFault.exe PIMX19031201.ppt.csv.bat.exe -
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
WerFault.exepid process 988 WerFault.exe 988 WerFault.exe 988 WerFault.exe 988 WerFault.exe 988 WerFault.exe 988 WerFault.exe 988 WerFault.exe 988 WerFault.exe 988 WerFault.exe 988 WerFault.exe 988 WerFault.exe 988 WerFault.exe 988 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exedescription pid process Token: SeRestorePrivilege 988 WerFault.exe Token: SeBackupPrivilege 988 WerFault.exe Token: SeDebugPrivilege 988 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\PIMX19031201.ppt.csv.bat.exe"C:\Users\Admin\AppData\Local\Temp\PIMX19031201.ppt.csv.bat.exe"1⤵PID:2416
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 8962⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:988