Analysis
-
max time kernel
147s -
max time network
101s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
13-07-2020 07:12
Static task
static1
Behavioral task
behavioral1
Sample
order list.exe
Resource
win7
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
order list.exe
Resource
win10v200430
0 signatures
0 seconds
General
-
Target
order list.exe
-
Size
296KB
-
MD5
76bb6a33ec5f8f6bd9defe4341871e98
-
SHA1
0ec9277d8c2e410440485c7cd2202ef877d49230
-
SHA256
7910fbd27cb1e4fd04a3356d45036821ed924ef1b8de3117d677be4938cb5140
-
SHA512
806dade1f74874d3c6cb3acdabee50ebc3a6cd4927d57e83e7136b448fe0a207a3a0e440be3668b2116e2043452cf1f0327aedc1e7542a7e8684b53eda7d10d9
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
2200 | 3768 | WerFault.exe | order list.exe
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exe
description | pid | process
Token: SeRestorePrivilege | 2200 | WerFault.exe
Token: SeBackupPrivilege | 2200 | WerFault.exe
Token: SeDebugPrivilege | 2200 | WerFault.exe
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
WerFault.exe
pid | process
2200 | WerFault.exe (row repeated 13 times)
Processes
-
C:\Users\Admin\AppData\Local\Temp\order list.exe
"C:\Users\Admin\AppData\Local\Temp\order list.exe"
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 11402⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses