Analysis
max time kernel: 117s
max time network: 118s
platform: windows10_x64
resource: win10
submitted: 15/07/2020, 13:41
Static task
static1
Behavioral task
behavioral1
Sample
Quotation for RC outdoor project.exe
Resource
win7
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Quotation for RC outdoor project.exe
Resource
win10
0 signatures
0 seconds
General
Target: Quotation for RC outdoor project.exe
Size: 1008KB
MD5: c2e99d68e75306bde7e7494444fa882c
SHA1: 8f56a68126f81afc92a71b5eaaeb53a0beb696e8
SHA256: b0ae66cd2296539cdeb9f833ff7ebc3616cda6d8068d1883e27a04c9240d0d3f
SHA512: 62b012235d0a3e2ebbaa3406a07ad49c2d10c87d81aab6c7aad74856af2b78fb04404ea2e82f26d66fde14c84fda8a8abfb25201d11c20878a7fd3ed9c16e1c4
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
pid   pid_target  Process       procid_target
1488  3068        WerFault.exe  66

Suspicious use of AdjustPrivilegeToken 3 IoCs
description                  pid   Process
Token: SeRestorePrivilege    1488  WerFault.exe
Token: SeBackupPrivilege     1488  WerFault.exe
Token: SeDebugPrivilege      1488  WerFault.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs
pid   Process
1488  WerFault.exe  (same entry listed 13 times)
Processes
"C:\Users\Admin\AppData\Local\Temp\Quotation for RC outdoor project.exe"  PID:3068
    C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 936  PID:1488
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses