Analysis
max time kernel: 149s
max time network: 152s
platform: windows10_x64
resource: win10v200430
submitted: 19-07-2020 17:16
Static task: static1
Behavioral task: behavioral1
Sample: tasks_166.vir.exe
Resource: win7 (windows7_x64)
0 signatures, 0 seconds
Behavioral task: behavioral2
Sample: tasks_166.vir.exe
Resource: win10v200430 (windows10_x64)
0 signatures, 0 seconds
General
Target: tasks_166.vir.exe
Size: 169KB
MD5: ef7f0c98fba6735e559b5190705a5116
SHA1: b29f63f03879b4dedefdd10f4c651c69506831e7
SHA256: 068edc2dfe9430a15b84d3f941d2c9afbf95221e92580668d03dfeca2401b8ca
SHA512: 1cd9f7446b91aac57cfdc057fc98e178d3b4a8d96033a4791ba6f13137c5c05097624d79ad5ba1c5a441d4906dd4174d2573697a8409e1b15d00f1b63692bc30
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid: 516, pid_target: 3932, process: WerFault.exe, target process: tasks_166.vir.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exe
description: Token: SeRestorePrivilege, pid: 516, process: WerFault.exe
description: Token: SeBackupPrivilege, pid: 516, process: WerFault.exe
description: Token: SeDebugPrivilege, pid: 516, process: WerFault.exe
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
WerFault.exe
pid: 516, process: WerFault.exe (listed 13 times)
Enumerates system info in registry 2 TTPs 1 IoCs
Processes:
tasks_166.vir.exe
description: Key value queried, ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier, process: tasks_166.vir.exe
Processes
C:\Users\Admin\AppData\Local\Temp\tasks_166.vir.exe
"C:\Users\Admin\AppData\Local\Temp\tasks_166.vir.exe"
- Enumerates system info in registry
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 412
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses