Analysis
max time kernel: 130s
max time network: 64s
platform: windows10_x64
resource: win10v200430
submitted: 19-07-2020 17:37
Static task: static1

Behavioral task: behavioral1
Sample: murofet_2.1.0.8.vir.exe
Resource: win7 (windows7_x64)
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: murofet_2.1.0.8.vir.exe
Resource: win10v200430 (windows10_x64)
0 signatures
0 seconds
General
Target: murofet_2.1.0.8.vir.exe
Size: 171KB
MD5: 0af829127513971ce9af0ee48f8bc902
SHA1: d61918c58c76a5a7f5c0fef13861687cfc8349df
SHA256: bf46e9f5591549bce5526ff3046cd79e19951eefd115be086ce52ef40be592fa
SHA512: 9b80d93ac6fc537661dc1dc02fe2ad1944bf96ee9e464c189fe89d30257e52da1d15ee99d1e8e4869371ae1f85d182e537854c34a3d1811038e73f61218bff4e
Score
3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
1788 | 1616 | WerFault.exe | murofet_2.1.0.8.vir.exe

Suspicious use of AdjustPrivilegeToken (3 IoCs)
Processes: WerFault.exe
description | pid | process
Token: SeRestorePrivilege | 1788 | WerFault.exe
Token: SeBackupPrivilege | 1788 | WerFault.exe
Token: SeDebugPrivilege | 1788 | WerFault.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs)
Processes: WerFault.exe
pid | process
1788 | WerFault.exe (14 identical rows)
Processes
C:\Users\Admin\AppData\Local\Temp\murofet_2.1.0.8.vir.exe
  "C:\Users\Admin\AppData\Local\Temp\murofet_2.1.0.8.vir.exe"
  C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 540
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses