Analysis
max time kernel: 122s
max time network: 119s
platform: windows10_x64
resource: win10
submitted: 15-07-2020 13:05
Static task: static1

Behavioral task: behavioral1
Sample: PO.exe
Resource: win7v200430, windows7_x64
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: PO.exe
Resource: win10, windows10_x64
0 signatures, 0 seconds

General
Target: PO.exe
Size: 363KB
MD5: 03a9449ae7b7d6b49034ffc0355540ec
SHA1: d0a4f8207905ed65aca2cfc812dbd1f0b6849ebc
SHA256: 0997df6c23c47188146000e04ad399b7ccfdbe3e9cfceed18b232b712088adee
SHA512: fa9df0cd4e07e9a9295a4a272ee99ca95f02ff5ed02d1daada1ae79509b044581ecd80c60651595ffc5b077bdfe9cb08d05683748afb9fa8ee803c3b602b795d
Score: 3/10

Malware Config
Signatures

Program crash (1 IoCs)
Processes: WerFault.exe
pid: 3892, pid_target: 344, process: WerFault.exe, target process: PO.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs)
Processes: WerFault.exe
pid: 3892, process: WerFault.exe (same entry listed 14 times)

Suspicious use of AdjustPrivilegeToken (3 IoCs)
Processes: WerFault.exe
description: Token: SeRestorePrivilege, pid: 3892, process: WerFault.exe
description: Token: SeBackupPrivilege, pid: 3892, process: WerFault.exe
description: Token: SeDebugPrivilege, pid: 3892, process: WerFault.exe