Analysis
- max time kernel: 65s
- max time network: 109s
- platform: windows10_x64
- resource: win10
- submitted: 13-07-2020 06:37
Static task: static1
Behavioral task: behavioral1
- Sample: NEW ORDER INQUIRY.exe
- Resource: win7v200430
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: NEW ORDER INQUIRY.exe
- Resource: win10
- 0 signatures
- 0 seconds
General
- Target: NEW ORDER INQUIRY.exe
- Size: 337KB
- MD5: d8e2e042791b6f4c7ae28624d7a1de92
- SHA1: 5373277d7bc120b129897505b566e7e2d31543d1
- SHA256: 50bb1f29f0f8ed951bfa9f9d6dc45611765f20f683cdc2270c5a2c8b7dff1d3f
- SHA512: 2a44d414a10391919a68113657aa50eca22a1d0497f9ff1d8a48e078f70cbefec811e31eadbb1f57b2d893c72ac9e34d4b1a41dbd5698e0a17d7a5c5a8002f74
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid   pid_target  process       target process
  3852  2532        WerFault.exe  NEW ORDER INQUIRY.exe
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  Processes: WerFault.exe
  pid   process
  3852  WerFault.exe
  3852  WerFault.exe
  3852  WerFault.exe
  3852  WerFault.exe
  3852  WerFault.exe
  3852  WerFault.exe
  3852  WerFault.exe
  3852  WerFault.exe
  3852  WerFault.exe
  3852  WerFault.exe
  3852  WerFault.exe
  3852  WerFault.exe
  3852  WerFault.exe
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes: WerFault.exe
  description                pid   process
  Token: SeRestorePrivilege  3852  WerFault.exe
  Token: SeBackupPrivilege   3852  WerFault.exe
  Token: SeDebugPrivilege    3852  WerFault.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\NEW ORDER INQUIRY.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\NEW ORDER INQUIRY.exe"
   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 1144
      - Program crash
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken