Analysis
-
max time kernel
137s
-
max time network
105s
-
platform
windows10_x64
-
resource
win10v200430
-
submitted
16-07-2020 06:41
Static task
static1
Behavioral task
behavioral1
Sample
Attached Documents_pdf.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Attached Documents_pdf.exe
Resource
win10v200430
windows10_x64
0 signatures
0 seconds
General
-
Target
Attached Documents_pdf.exe
-
Size
925KB
-
MD5
9cebad4a442a08f7eacdc152a04c159e
-
SHA1
fcb5991bda8c8964447b00647784e73f57dbd852
-
SHA256
c51d4fc5a8422271d20c83380f1cb646a19ca48c6bd4e509b29579d01bd8ea68
-
SHA512
9e7a78124092ee0ce670c81fbc3c285e0d0e8f1cd3bfdf975a40dc43f440bcbd330ae5ab1be4e034530aa2115dca56c4e7db0da3f45817923d8bd958f91c7a7f
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid   pid_target  Process       procid_target
3972  992         WerFault.exe  66
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
description                pid   Process
Token: SeRestorePrivilege  3972  WerFault.exe
Token: SeBackupPrivilege   3972  WerFault.exe
Token: SeDebugPrivilege    3972  WerFault.exe
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
pid   Process
3972  WerFault.exe
3972  WerFault.exe
3972  WerFault.exe
3972  WerFault.exe
3972  WerFault.exe
3972  WerFault.exe
3972  WerFault.exe
3972  WerFault.exe
3972  WerFault.exe
3972  WerFault.exe
3972  WerFault.exe
3972  WerFault.exe
3972  WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Attached Documents_pdf.exe
"C:\Users\Admin\AppData\Local\Temp\Attached Documents_pdf.exe"
PID:992
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 940
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:3972
-