Analysis
-
max time kernel
122s -
max time network
124s -
platform
windows10_x64 -
resource
win10 -
submitted
13-07-2020 20:13
Static task
static1
Behavioral task
behavioral1
Sample
doc-071320201.exe
Resource
win7v200430
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
doc-071320201.exe
Resource
win10
windows10_x64
0 signatures
0 seconds
General
-
Target
doc-071320201.exe
-
Size
327KB
-
MD5
a7fe386df37ae66d6f28ed9b91e0278f
-
SHA1
dceb0561f18341c51ee40a453c37953b89797160
-
SHA256
0947492a00cd402a32d498a1d7f1e2d30e1a1c5d48cc65fbef5784f7593b1eee
-
SHA512
ea02095237a9b3559af35051e8d58bacee7ccc4d9127237f73eef6d756e504fe439cb0ba282705dd0aac4f87b6393148c6081453e22e5dc4ac9f0358918780e9
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2020 344 WerFault.exe doc-071320201.exe -
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
WerFault.exepid process 2020 WerFault.exe 2020 WerFault.exe 2020 WerFault.exe 2020 WerFault.exe 2020 WerFault.exe 2020 WerFault.exe 2020 WerFault.exe 2020 WerFault.exe 2020 WerFault.exe 2020 WerFault.exe 2020 WerFault.exe 2020 WerFault.exe 2020 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exedescription pid process Token: SeRestorePrivilege 2020 WerFault.exe Token: SeBackupPrivilege 2020 WerFault.exe Token: SeDebugPrivilege 2020 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\doc-071320201.exe"C:\Users\Admin\AppData\Local\Temp\doc-071320201.exe"1⤵PID:344
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 11402⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2020