Analysis
  max time kernel: 128s
  max time network: 130s
  platform: windows10_x64
  resource: win10
  submitted: 19-07-2020 17:34
Static task: static1

Behavioral task: behavioral1
  Sample: grabbot_0.1.5.0.vir.exe
  Resource: win7v200430 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: grabbot_0.1.5.0.vir.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General
  Target: grabbot_0.1.5.0.vir.exe
  Size: 443KB
  MD5: 041928bb86afc5e54bac2cbe6fa082dc
  SHA1: ebc2f22a30e32152b13fe0911f3b15f682d1ff8e
  SHA256: f6b75a5605bba229b8d426fbaf789780d46981eb71a01c80d0177f1883930482
  SHA512: f5d9a0be20b118fb14664c51c87ac8e621b46de21e5d7f6ce7e792df9ee8b3c03a3546e551f6126390475ff23613ed1e24435fdfd8df5e64a0180bfca2383cd7
  Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
  Processes:
    pid   pid_target  process       target process
    3800  3844        WerFault.exe  grabbot_0.1.5.0.vir.exe

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes:
    description                pid   process
    Token: SeRestorePrivilege  3800  WerFault.exe
    Token: SeBackupPrivilege   3800  WerFault.exe
    Token: SeDebugPrivilege    3800  WerFault.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes:
    pid   process
    3800  WerFault.exe (same entry repeated 14 times)
Processes
  [1] C:\Users\Admin\AppData\Local\Temp\grabbot_0.1.5.0.vir.exe (pid 3844)
      Command line: "C:\Users\Admin\AppData\Local\Temp\grabbot_0.1.5.0.vir.exe"
    [2] C:\Windows\SysWOW64\WerFault.exe (pid 3800)
        Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 312
        - Program crash
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious behavior: EnumeratesProcesses