Analysis
-
max time kernel
122s -
max time network
124s -
platform
windows10_x64 -
resource
win10 -
submitted
13-07-2020 06:24
Static task
static1
Behavioral task
behavioral1
Sample
win32.exe
Resource
win7v200430
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
win32.exe
Resource
win10
windows10_x64
0 signatures
0 seconds
General
-
Target
win32.exe
-
Size
151KB
-
MD5
2f69495e576c580e33a3e9ab700691ac
-
SHA1
1dbac603d3d19785afea7f6910a960bf8ec23aad
-
SHA256
2ecc8d956dcef4f753a79989e5741210cc50b9f369e0f76145cd3e1e5144c4ee
-
SHA512
25619211997c998d2b36682be8d9b7684e35b3c6331f6155fe09f161831d78f760dc8c8a48699a093c54ec806c784f889946f07202eb7490af955f4e147ea4ae
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 3864 2460 WerFault.exe win32.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exedescription pid process Token: SeRestorePrivilege 3864 WerFault.exe Token: SeBackupPrivilege 3864 WerFault.exe Token: SeDebugPrivilege 3864 WerFault.exe -
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
WerFault.exepid process 3864 WerFault.exe 3864 WerFault.exe 3864 WerFault.exe 3864 WerFault.exe 3864 WerFault.exe 3864 WerFault.exe 3864 WerFault.exe 3864 WerFault.exe 3864 WerFault.exe 3864 WerFault.exe 3864 WerFault.exe 3864 WerFault.exe 3864 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\win32.exe"C:\Users\Admin\AppData\Local\Temp\win32.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 11402⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses