Analysis

Max time kernel: 122s
Max time network: 117s
Platform: windows10_x64
Resource: win10
Submitted: 14-07-2020 13:31
Static task: static1

Behavioral task: behavioral1
Sample: plcfeVYdiIOV5jX.exe
Resource: win7v200430 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: plcfeVYdiIOV5jX.exe
Resource: win10 (windows10_x64)
0 signatures, 0 seconds
General

Target: plcfeVYdiIOV5jX.exe
Size: 992KB
MD5: d1a32e0c76d6987491bb615870cff8e8
SHA1: 4b1d30b1216c65f3bdf893127c8e293f4e33bcec
SHA256: 8435871f09b1ba4c78f547c3bda0c509e426601221f60b455f6b6cb9d8a2f1ce
SHA512: 659525820f88d841dd5f0a32ccf30d3bb6f5964e92f16ccdb2e87fe1a1126af21f8ce78abd87bb2110854b98cd9d6beedf0df3e78da8b506fe9068a86d2fdd5f
Score: 3/10
Malware Config

(none extracted)

Signatures

Program crash (1 IoC)
Processes:
  pid   pid_target   Process        procid_target
  3820  344          WerFault.exe   66

Suspicious use of AdjustPrivilegeToken (3 IoCs)
Processes:
  description                 pid   Process
  Token: SeRestorePrivilege   3820  WerFault.exe
  Token: SeBackupPrivilege    3820  WerFault.exe
  Token: SeDebugPrivilege     3820  WerFault.exe

Suspicious behavior: EnumeratesProcesses (13 IoCs)
Processes:
  pid   Process
  3820  WerFault.exe (13 occurrences)
Processes

1. C:\Users\Admin\AppData\Local\Temp\plcfeVYdiIOV5jX.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\plcfeVYdiIOV5jX.exe"
   PID: 344

   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 904
      PID: 3820
      Signatures:
        - Program crash
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious behavior: EnumeratesProcesses