Analysis
max time kernel: 72s
max time network: 89s
platform: windows10_x64
resource: win10
submitted: 11-07-2020 06:22
Static task: static1
Behavioral task: behavioral1
  Sample: PO.exe
  Resource: win7v200430, windows7_x64
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: PO.exe
  Resource: win10, windows10_x64
  0 signatures, 0 seconds
General
Target: PO.exe
Size: 629KB
MD5: 80a403850f764cd5b6b6ca7815d1eef8
SHA1: bd52782526e783fe7786e4cef0f169264c1b117d
SHA256: 1414f24264a3c0579250f74acdbb4ffffc79cf787221704b80cdab5829212bff
SHA512: 3d4eb72ccb52bea0c05f87885a1b054f294c1e40292aec9d7c09680c20ed4336e0645fefe4b586139642f16022e67cd9d7b62f4e69b00343e1b92cd30c8e9b69
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid   pid_target  process       target process
3216  3536        WerFault.exe  PO.exe
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes: WerFault.exe
pid   process
3216  WerFault.exe
3216  WerFault.exe
3216  WerFault.exe
3216  WerFault.exe
3216  WerFault.exe
3216  WerFault.exe
3216  WerFault.exe
3216  WerFault.exe
3216  WerFault.exe
3216  WerFault.exe
3216  WerFault.exe
3216  WerFault.exe
3216  WerFault.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes: WerFault.exe
description                 pid   process
Token: SeRestorePrivilege   3216  WerFault.exe
Token: SeBackupPrivilege    3216  WerFault.exe
Token: SeDebugPrivilege     3216  WerFault.exe