Analysis
max time kernel: 147s
max time network: 65s
platform: windows10_x64
resource: win10v200430
submitted: 13-07-2020 12:34
Static task
static1
Behavioral task
behavioral1
Sample
2730a12eb9b244a9105af13786a9a5c50dc1c7980bde12f4bced7c87f0480493.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
2730a12eb9b244a9105af13786a9a5c50dc1c7980bde12f4bced7c87f0480493.exe
Resource
win10v200430
windows10_x64
0 signatures
0 seconds
General
Target: 2730a12eb9b244a9105af13786a9a5c50dc1c7980bde12f4bced7c87f0480493.exe
Size: 343KB
MD5: f218d8a2d942f6f5f7b1e648993ce753
SHA1: 5fcbd2d04382de6dd21808346997d32e992dd0e8
SHA256: 2730a12eb9b244a9105af13786a9a5c50dc1c7980bde12f4bced7c87f0480493
SHA512: 2b3e669b895af84f4bbc25bf4ef644b3f984c4bf9563ab3b7f8c2aa1cb31220f616357f0cf5f9dc6cf8b7e6dc8a6c4b7f0888a3bc6fbc0affc0bba20e6a3a360
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
pid   pid_target   Process        procid_target
736   3768         WerFault.exe   65

Suspicious use of AdjustPrivilegeToken 1 IoCs
description               pid   Process
Token: SeDebugPrivilege   736   WerFault.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs
pid   Process
736   WerFault.exe   (13 identical entries)
Processes
C:\Users\Admin\AppData\Local\Temp\2730a12eb9b244a9105af13786a9a5c50dc1c7980bde12f4bced7c87f0480493.exe
"C:\Users\Admin\AppData\Local\Temp\2730a12eb9b244a9105af13786a9a5c50dc1c7980bde12f4bced7c87f0480493.exe"
PID:3768
    C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 3768 -s 1372
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses
    PID:736