Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
13-07-2020 06:56
Static task
static1
Behavioral task
behavioral1
Sample
PO_013-0034299 & PO_013-0034335.exe
Resource
win7
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
PO_013-0034299 & PO_013-0034335.exe
Resource
win10v200430
0 signatures
0 seconds
General
-
Target
PO_013-0034299 & PO_013-0034335.exe
-
Size
302KB
-
MD5
fb080213d4cdb082ce078ae5773bf0e7
-
SHA1
b0ded72625ef8685f9e53e46592e8f3ea18e3ff8
-
SHA256
fcd82ee31a25536c2d5dcb275e09bba22ba661b24225dbc5e2f0b7ae41af65e0
-
SHA512
f22cc880ea95570b290d1cf5b2409c51c11f0fcc8b2773bbb4f7a20d7dcf5ce5012b7043101cb5c7347f465a35a7cf05433e8615ad057ffc9b8b96532e13abca
Score
3/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exedescription pid process Token: SeRestorePrivilege 3612 WerFault.exe Token: SeBackupPrivilege 3612 WerFault.exe Token: SeDebugPrivilege 3612 WerFault.exe -
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
WerFault.exepid process 3612 WerFault.exe 3612 WerFault.exe 3612 WerFault.exe 3612 WerFault.exe 3612 WerFault.exe 3612 WerFault.exe 3612 WerFault.exe 3612 WerFault.exe 3612 WerFault.exe 3612 WerFault.exe 3612 WerFault.exe 3612 WerFault.exe 3612 WerFault.exe -
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 3612 1612 WerFault.exe PO_013-0034299 & PO_013-0034335.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\PO_013-0034299 & PO_013-0034335.exe"C:\Users\Admin\AppData\Local\Temp\PO_013-0034299 & PO_013-0034335.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 11362⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
- Program crash