Analysis
-
max time kernel
121s -
max time network
117s -
platform
windows10_x64 -
resource
win10 -
submitted
10/07/2020, 07:35
Static task
static1
Behavioral task
behavioral1
Sample
gunzipped.exe
Resource
win7v200430
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
gunzipped.exe
Resource
win10
0 signatures
0 seconds
General
-
Target
gunzipped.exe
-
Size
546KB
-
MD5
da020d0c54734d21d96efd3b05cafc0b
-
SHA1
1ef4a1601984ed3eeffcaa15ecaec7ded28f7ebd
-
SHA256
0a8a4c3e09dd9ea5652a1388c395ed0707e6e2c370fa0fa288f71da425022464
-
SHA512
233816b405f65db45ef67ddac66e16746d341ebd53c6ab289f5ef19ded128eb82631cf2f6a9593771a71bdf564a2c667b4088cba43524c480ce6ba6ad2c352b9
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 3344 976 WerFault.exe 66 -
Suspicious behavior: EnumeratesProcesses 13 IoCs
pid Process 3344 WerFault.exe 3344 WerFault.exe 3344 WerFault.exe 3344 WerFault.exe 3344 WerFault.exe 3344 WerFault.exe 3344 WerFault.exe 3344 WerFault.exe 3344 WerFault.exe 3344 WerFault.exe 3344 WerFault.exe 3344 WerFault.exe 3344 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeRestorePrivilege 3344 WerFault.exe Token: SeBackupPrivilege 3344 WerFault.exe Token: SeDebugPrivilege 3344 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\gunzipped.exe"C:\Users\Admin\AppData\Local\Temp\gunzipped.exe"1⤵PID:976
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 9122⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3344
-