Analysis
  max time kernel:   109s
  max time network:  131s
  platform:          windows10_x64
  resource:          win10v200430
  submitted:         12-07-2020 09:17
Static task
  static1

Behavioral task
  behavioral1
  Sample:      RFQ 107801022.exe
  Resource:    win7 (windows7_x64)
  Signatures:  0
  Duration:    0 seconds

Behavioral task
  behavioral2
  Sample:      RFQ 107801022.exe
  Resource:    win10v200430 (windows10_x64)
  Signatures:  0
  Duration:    0 seconds
General
  Target:  RFQ 107801022.exe
  Size:    412KB
  MD5:     afc225f7967645ccb4e431442204e5a0
  SHA1:    35e99a6330b39eb8fe349904438483a5773a33bd
  SHA256:  ce5a82d9e4d14e5511170ff4bb06aeaa49a937c39a6770a8e9b38d589b8339f6
  SHA512:  49d52d9cee65685b736b89ce934c1e59fe94cf7ae2d870265b28d12c74f4c5eee9c4d5d278a45757e86811ad0bb9808456825d6575bdd16d7c980ac2014472f3

Score
  3/10
Malware Config
  (none)

Signatures

  Program crash (1 IoC)
    Processes:
      pid   pid_target   process        target process
      1008  2416         WerFault.exe   RFQ 107801022.exe

  Suspicious behavior: EnumeratesProcesses (13 IoCs)
    Processes:
      pid   process
      1008  WerFault.exe   (13 identical entries)

  Suspicious use of AdjustPrivilegeToken (3 IoCs)
    Processes:
      description                 pid   process
      Token: SeRestorePrivilege   1008  WerFault.exe
      Token: SeBackupPrivilege    1008  WerFault.exe
      Token: SeDebugPrivilege     1008  WerFault.exe
Processes
  C:\Users\Admin\AppData\Local\Temp\RFQ 107801022.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\RFQ 107801022.exe"
    C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 1136
      - Program crash
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken