Analysis
-
max time kernel
289s -
max time network
289s -
platform
windows10_x64 -
resource
win10 -
submitted
13-07-2020 16:34
Static task
static1
Behavioral task
behavioral1
Sample
e2473526523180f460af4d8e164df9060c9f328cc7c0bae5846d51b28c12febe.exe
Resource
win10
windows10_x64
0 signatures
0 seconds
General
-
Target
e2473526523180f460af4d8e164df9060c9f328cc7c0bae5846d51b28c12febe.exe
-
Size
439KB
-
MD5
4ef2d073c2bc1e3f2673155f0ecc6d25
-
SHA1
72d3d907d7502c383ffc8239d255882838a5a6e4
-
SHA256
e2473526523180f460af4d8e164df9060c9f328cc7c0bae5846d51b28c12febe
-
SHA512
18313982e57ca70f02fd35c9a13cc97e8ef73ccdae90a319cd810ff2f063d3722c88e7e1cc3f86d20bbc2f4922ac90876f1c926713fcac576b1c1a5dc20eec38
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid   pid_target  Process       procid_target
4012  3544        WerFault.exe  66
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
description                 pid   Process
Token: SeRestorePrivilege   4012  WerFault.exe
Token: SeBackupPrivilege    4012  WerFault.exe
Token: SeDebugPrivilege     4012  WerFault.exe
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
pid   Process
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\e2473526523180f460af4d8e164df9060c9f328cc7c0bae5846d51b28c12febe.exe
"C:\Users\Admin\AppData\Local\Temp\e2473526523180f460af4d8e164df9060c9f328cc7c0bae5846d51b28c12febe.exe"
PID:3544
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 1148
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:4012
-