Analysis
max time kernel: 123s
max time network: 124s
platform: windows10_x64
resource: win10
submitted: 19-07-2020 17:28
Static task: static1

Behavioral task: behavioral1
Sample: tasks_203.vir.exe
Resource: win7v200430, windows7_x64
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: tasks_203.vir.exe
Resource: win10, windows10_x64
0 signatures, 0 seconds
General
Target: tasks_203.vir.exe
Size: 328KB
MD5: e431a6b3e3ea4e32f8dd622f3e632a27
SHA1: b6421384ac16c0a9e65f698263bc2784fa0f5596
SHA256: 9f55258f872561acb62137271079b8e1f67ebe6b1a211e30a2c02c02699c3449
SHA512: 943cd962e946415cda461984b9620d25c43861c181151605ac35448842f537afa34e94809a6a304219d72c4bbd8fbae3c09c9450db5e040efa166ee6e144ef13
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
Processes: WerFault.exe
pid     pid_target   process        target process
3112    716          WerFault.exe   tasks_203.vir.exe

Suspicious use of AdjustPrivilegeToken (3 IoCs)
Processes: WerFault.exe
description                  pid     process
Token: SeRestorePrivilege    3112    WerFault.exe
Token: SeBackupPrivilege     3112    WerFault.exe
Token: SeDebugPrivilege      3112    WerFault.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs)
Processes: WerFault.exe
pid     process
3112    WerFault.exe
3112    WerFault.exe
3112    WerFault.exe
3112    WerFault.exe
3112    WerFault.exe
3112    WerFault.exe
3112    WerFault.exe
3112    WerFault.exe
3112    WerFault.exe
3112    WerFault.exe
3112    WerFault.exe
3112    WerFault.exe
3112    WerFault.exe
3112    WerFault.exe

Processes
1. C:\Users\Admin\AppData\Local\Temp\tasks_203.vir.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\tasks_203.vir.exe"
   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 716 -s 548
      - Program crash
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious behavior: EnumeratesProcesses