Analysis
-
max time kernel
65s -
max time network
116s -
platform
windows10_x64 -
resource
win10 -
submitted
13-07-2020 06:43
Static task
static1
Behavioral task
behavioral1
Sample
RFQ PO-05612020_pdf.exe
Resource
win7
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
RFQ PO-05612020_pdf.exe
Resource
win10
0 signatures
0 seconds
General
-
Target
RFQ PO-05612020_pdf.exe
-
Size
351KB
-
MD5
1b752bcc97d601f051ee22881b4ae85c
-
SHA1
6a94e417c140c64bb2d45955eba08efe72cc89e5
-
SHA256
ee2a89fa1ed80e14eb7fc1a74780d480c574307d0d40aac90c22e8ab7d8b9332
-
SHA512
657f470688c9b4ba1756be778991fd7dec0ca18f24e1ef04686101461269d4c1a43107ee80e3ea646137ff4e8d33ae06b617f36736f9ef3170ce43552fe45868
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 3804 3588 WerFault.exe RFQ PO-05612020_pdf.exe -
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
WerFault.exepid process 3804 WerFault.exe 3804 WerFault.exe 3804 WerFault.exe 3804 WerFault.exe 3804 WerFault.exe 3804 WerFault.exe 3804 WerFault.exe 3804 WerFault.exe 3804 WerFault.exe 3804 WerFault.exe 3804 WerFault.exe 3804 WerFault.exe 3804 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exedescription pid process Token: SeRestorePrivilege 3804 WerFault.exe Token: SeBackupPrivilege 3804 WerFault.exe Token: SeDebugPrivilege 3804 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\RFQ PO-05612020_pdf.exe"C:\Users\Admin\AppData\Local\Temp\RFQ PO-05612020_pdf.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 11402⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken