Analysis
- max time kernel: 289s
- max time network: 289s
- platform: windows10_x64
- resource: win10
- submitted: 13-07-2020 16:34
Static task
static1
Behavioral task
behavioral1
Sample
e2473526523180f460af4d8e164df9060c9f328cc7c0bae5846d51b28c12febe.exe
Resource
win10
windows10_x64
0 signatures
0 seconds
General
- Target: e2473526523180f460af4d8e164df9060c9f328cc7c0bae5846d51b28c12febe.exe
- Size: 439KB
- MD5: 4ef2d073c2bc1e3f2673155f0ecc6d25
- SHA1: 72d3d907d7502c383ffc8239d255882838a5a6e4
- SHA256: e2473526523180f460af4d8e164df9060c9f328cc7c0bae5846d51b28c12febe
- SHA512: 18313982e57ca70f02fd35c9a13cc97e8ef73ccdae90a319cd810ff2f063d3722c88e7e1cc3f86d20bbc2f4922ac90876f1c926713fcac576b1c1a5dc20eec38
Score
3/10
Malware Config
Signatures
- Program crash 1 IoCs
  Processes: WerFault.exe
  pid   pid_target  Process       procid_target
  4012  3544        WerFault.exe  66
- Suspicious use of AdjustPrivilegeToken 3 IoCs
  Processes: WerFault.exe
  description                pid   Process
  Token: SeRestorePrivilege  4012  WerFault.exe
  Token: SeBackupPrivilege   4012  WerFault.exe
  Token: SeDebugPrivilege    4012  WerFault.exe
- Suspicious behavior: EnumeratesProcesses 13 IoCs
  Processes: WerFault.exe
  pid   Process
  4012  WerFault.exe  (13 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\e2473526523180f460af4d8e164df9060c9f328cc7c0bae5846d51b28c12febe.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\e2473526523180f460af4d8e164df9060c9f328cc7c0bae5846d51b28c12febe.exe"
  PID: 3544
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 1148
    PID: 4012
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses