Analysis
- max time kernel: 130s
- max time network: 125s
- platform: windows10_x64
- resource: win10
- submitted: 13-07-2020 06:27
Static task
static1

Behavioral task
behavioral1
- Sample: purchase order.exe
- Resource: win7v200430
- 0 signatures
- 0 seconds

Behavioral task
behavioral2
- Sample: purchase order.exe
- Resource: win10
- 0 signatures
- 0 seconds
General
- Target: purchase order.exe
- Size: 790KB
- MD5: 3c55253fc699ca4f3aa7b5f39796e82c
- SHA1: 85be2e70b90bbefdb191cd5440c9519772755402
- SHA256: 420541ff7ab7f97d2110f9c2f2488087c0d2f9e577fa5e55c73eebf4f5416bbc
- SHA512: bedb39cfab073dfce9e12488818d20381e48ec33cbfe30c53f5e1679b439b261c65cbf448f1a6d616c74f337f0dbcfd70194b141abc2399eed703210e0b1e297

Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid   pid_target  process       target process
  3780  2916        WerFault.exe  purchase order.exe

- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes: WerFault.exe
  description                  pid   process
  Token: SeRestorePrivilege    3780  WerFault.exe
  Token: SeBackupPrivilege     3780  WerFault.exe
  Token: SeDebugPrivilege      3780  WerFault.exe

- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  Processes: WerFault.exe
  pid   process
  3780  WerFault.exe
  3780  WerFault.exe
  3780  WerFault.exe
  3780  WerFault.exe
  3780  WerFault.exe
  3780  WerFault.exe
  3780  WerFault.exe
  3780  WerFault.exe
  3780  WerFault.exe
  3780  WerFault.exe
  3780  WerFault.exe
  3780  WerFault.exe
  3780  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\purchase order.exe
  "C:\Users\Admin\AppData\Local\Temp\purchase order.exe"
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 1144
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses