Analysis
max time kernel: 128s
max time network: 131s
platform: windows10_x64
resource: win10
submitted: 13/07/2020, 06:26
Static task: static1

Behavioral task: behavioral1
  Sample: P0#1307020 P2.bat.exe
  Resource: win7v200430
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: P0#1307020 P2.bat.exe
  Resource: win10
  0 signatures, 0 seconds
General
Target: P0#1307020 P2.bat.exe
Size: 341KB
MD5: 735f03674a0a65c14088e18657694fe9
SHA1: 6e2d3a2e7bb0220054c8fc2ea8272f6d9babd0bb
SHA256: cf4cf0f064bbd1115fdee0971c7ffc9a474984eeda8107040589b425ae1a6605
SHA512: 1a74849aab621c866076a5660e16fbcc569085701858cba054d9ad67f2ac3696c9dc75da9f3564f5e71cc19c4c53c3a8b6993c937ee6f063c19bb84668f4e699
Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  3912  3676        WerFault.exe  66

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                pid   Process
  Token: SeRestorePrivilege  3912  WerFault.exe
  Token: SeBackupPrivilege   3912  WerFault.exe
  Token: SeDebugPrivilege    3912  WerFault.exe

Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid   Process
  3912  WerFault.exe  (the same entry is repeated 13 times)
Processes

C:\Users\Admin\AppData\Local\Temp\P0#1307020 P2.bat.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\P0#1307020 P2.bat.exe"
  PID: 3676

  C:\Windows\SysWOW64\WerFault.exe (child of PID 3676)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 1140
    Signatures: Program crash; Suspicious use of AdjustPrivilegeToken; Suspicious behavior: EnumeratesProcesses
    PID: 3912