Analysis
-
max time kernel
122s -
max time network
117s -
platform
windows10_x64 -
resource
win10 -
submitted
14-07-2020 13:31
Static task
static1
Behavioral task
behavioral1
Sample
plcfeVYdiIOV5jX.exe
Resource
win7v200430
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
plcfeVYdiIOV5jX.exe
Resource
win10
windows10_x64
0 signatures
0 seconds
General
-
Target
plcfeVYdiIOV5jX.exe
-
Size
992KB
-
MD5
d1a32e0c76d6987491bb615870cff8e8
-
SHA1
4b1d30b1216c65f3bdf893127c8e293f4e33bcec
-
SHA256
8435871f09b1ba4c78f547c3bda0c509e426601221f60b455f6b6cb9d8a2f1ce
-
SHA512
659525820f88d841dd5f0a32ccf30d3bb6f5964e92f16ccdb2e87fe1a1126af21f8ce78abd87bb2110854b98cd9d6beedf0df3e78da8b506fe9068a86d2fdd5f
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 3820 344 WerFault.exe 66 -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeRestorePrivilege 3820 WerFault.exe Token: SeBackupPrivilege 3820 WerFault.exe Token: SeDebugPrivilege 3820 WerFault.exe -
Suspicious behavior: EnumeratesProcesses 13 IoCs
pid Process 3820 WerFault.exe 3820 WerFault.exe 3820 WerFault.exe 3820 WerFault.exe 3820 WerFault.exe 3820 WerFault.exe 3820 WerFault.exe 3820 WerFault.exe 3820 WerFault.exe 3820 WerFault.exe 3820 WerFault.exe 3820 WerFault.exe 3820 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\plcfeVYdiIOV5jX.exe"C:\Users\Admin\AppData\Local\Temp\plcfeVYdiIOV5jX.exe"1⤵PID:344
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 9042⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:3820
-