Analysis
-
max time kernel
136s -
max time network
100s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
13-07-2020 09:35
Static task
static1
Behavioral task
behavioral1
Sample
62a107.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
62a107.exe
Resource
win10v200430
windows10_x64
0 signatures
0 seconds
General
-
Target
62a107.exe
-
Size
156KB
-
MD5
ddb0136ad007d0b77ca903688776dbc6
-
SHA1
f3d9ca6d33be62b382b3ed2446b733938cac5245
-
SHA256
5852518bca655111976a3d44d8418dac0fcdf45338a5a00e66a9e9d4d2dd6122
-
SHA512
088b2d10929c834f2b52016bb6df50b4eabc2cca4699fc052bf1113c6285946e72a53c69ac466221febef595e83f433117dd462746d0cd0f6645807b0a708b78
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2268 3944 WerFault.exe 62a107.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exedescription pid process Token: SeRestorePrivilege 2268 WerFault.exe Token: SeBackupPrivilege 2268 WerFault.exe Token: SeDebugPrivilege 2268 WerFault.exe -
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
WerFault.exepid process 2268 WerFault.exe 2268 WerFault.exe 2268 WerFault.exe 2268 WerFault.exe 2268 WerFault.exe 2268 WerFault.exe 2268 WerFault.exe 2268 WerFault.exe 2268 WerFault.exe 2268 WerFault.exe 2268 WerFault.exe 2268 WerFault.exe 2268 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\62a107.exe"C:\Users\Admin\AppData\Local\Temp\62a107.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 11402⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2268-0-0x0000000004AF0000-0x0000000004AF1000-memory.dmpFilesize
4KB