Analysis

Max time kernel: 126s
Max time network: 124s
Platform: windows10_x64
Resource: win10
Submitted: 19-07-2020 19:35
Static task: static1

Behavioral task: behavioral1
  Sample: kins_1.0.1.0.vir.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: kins_1.0.1.0.vir.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General

Target: kins_1.0.1.0.vir.exe
Size: 264KB
MD5: 0a685c37f75a6224a7aa74ac58568b2a
SHA1: bc3fca55b7f105466082499ab1b3bc7b268ba21d
SHA256: 2175bd94c8f6b7a75f4058bb9b981c2dee39a34a51afe018ebecfbffa490656c
SHA512: 34811a19c4aa3cb9871aaf34349f8b11d7938995484ff576ee4747a2e7808feced53ef3b9373e3fb5b259e31573a7eeeb55bf01ee0159fcc9e3890a6a2cfae8f
Score: 3/10
Malware Config
Signatures

- Suspicious use of AdjustPrivilegeToken (6 IoCs)
  Processes: kins_1.0.1.0.vir.exe, WerFault.exe, WerFault.exe

  description                        pid   process
  Token: SeShutdownPrivilege         3796  kins_1.0.1.0.vir.exe
  Token: SeCreatePagefilePrivilege   3796  kins_1.0.1.0.vir.exe
  Token: SeRestorePrivilege          3520  WerFault.exe
  Token: SeBackupPrivilege           3520  WerFault.exe
  Token: SeDebugPrivilege            3520  WerFault.exe
  Token: SeDebugPrivilege            3932  WerFault.exe

- Program crash (3 IoCs)
  Processes: WerFault.exe, WerFault.exe, WerFault.exe

  pid   pid_target  process       target process
  3520  3796        WerFault.exe  kins_1.0.1.0.vir.exe
  3932  3796        WerFault.exe  kins_1.0.1.0.vir.exe
  3860  3796        WerFault.exe  kins_1.0.1.0.vir.exe

- Suspicious behavior: EnumeratesProcesses (28 IoCs)
  Processes: WerFault.exe, WerFault.exe

  pid   process
  3520  WerFault.exe  (14 identical entries)
  3932  WerFault.exe  (14 identical entries)
Processes

C:\Users\Admin\AppData\Local\Temp\kins_1.0.1.0.vir.exe  (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\kins_1.0.1.0.vir.exe"
  - Suspicious use of AdjustPrivilegeToken

  C:\Windows\SysWOW64\WerFault.exe  (depth 2)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 536
    - Suspicious use of AdjustPrivilegeToken
    - Program crash
    - Suspicious behavior: EnumeratesProcesses

  C:\Windows\SysWOW64\WerFault.exe  (depth 2)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 496
    - Suspicious use of AdjustPrivilegeToken
    - Program crash
    - Suspicious behavior: EnumeratesProcesses

  C:\Windows\SysWOW64\WerFault.exe  (depth 2)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 248
    - Program crash