Analysis
- max time kernel: 121s
- max time network: 119s
- platform: windows10_x64
- resource: win10
- submitted: 19-07-2020 17:37
Static task: static1

Behavioral task: behavioral1
- Sample: grabbot_0.1.5.2.vir.exe
- Resource: win7 (windows7_x64)
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: grabbot_0.1.5.2.vir.exe
- Resource: win10 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: grabbot_0.1.5.2.vir.exe
- Size: 340KB
- MD5: d02f1ff60b9dc441a5fabf9057ba4560
- SHA1: dc2ea1f7c1b6b5ea6998bcc6f0db745a5531bc43
- SHA256: 42037b4a472ddd39a76b92eb5eadddf373bfffe0d9166996ae6224a0363bc9d3
- SHA512: 4c5f049c5c69580053b7eeb970e5cc976f1f55ebc37890176480a68f6e375fdaee05a5398a1ac5a950eae93318c1a08dda16b5aa3c66364066c422e5c272fef5
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes:
    pid   pid_target  process       target process
    2028  1756        WerFault.exe  grabbot_0.1.5.2.vir.exe
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes:
    description                pid   process
    Token: SeRestorePrivilege  2028  WerFault.exe
    Token: SeBackupPrivilege   2028  WerFault.exe
    Token: SeDebugPrivilege    2028  WerFault.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes:
    pid   process
    2028  WerFault.exe  (same entry repeated 14 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\grabbot_0.1.5.2.vir.exe (tree level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\grabbot_0.1.5.2.vir.exe"
  - C:\Windows\SysWOW64\WerFault.exe (tree level 2, child of the above)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 316
    Signatures hit by this process:
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses