Analysis
max time kernel: 66s
max time network: 110s
platform: windows10_x64
resource: win10
submitted: 13-07-2020 06:29
Static task: static1

Behavioral task: behavioral1
Sample: NewyorkUSA-hsbc - confirmation.exe
Resource: win7v200430 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: NewyorkUSA-hsbc - confirmation.exe
Resource: win10 (windows10_x64)
0 signatures, 0 seconds
General
Target: NewyorkUSA-hsbc - confirmation.exe
Size: 484KB
MD5: 24e4040b9a02c8cc8a96ac685cc15bd2
SHA1: 1600fc7708ea4f7ca0f0d310362a8862700d1fdd
SHA256: 029905c8789b5194e3f20a0a818bbd8922d113ce41ac880fe44f56d39b6a6356
SHA512: 9e923595ffc60174755ce69216f57048ffadc3bd09b6dd628b916f202104154ce02d39b4710ae07a43267036b09f07741556f5a8d1b081c6c3e96b4111ae6d24
Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
pid   pid_target  Process       procid_target
3968  2976        WerFault.exe  66

Suspicious behavior: EnumeratesProcesses (13 IoCs)
pid   Process
3968  WerFault.exe (13 identical entries)

Suspicious use of AdjustPrivilegeToken (3 IoCs)
description                pid   Process
Token: SeRestorePrivilege  3968  WerFault.exe
Token: SeBackupPrivilege   3968  WerFault.exe
Token: SeDebugPrivilege    3968  WerFault.exe
Processes

Depth 1: C:\Users\Admin\AppData\Local\Temp\NewyorkUSA-hsbc - confirmation.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\NewyorkUSA-hsbc - confirmation.exe"
  PID: 2976

Depth 2: C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 1136
  Signatures: Program crash; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
  PID: 3968