Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows10_x64
- resource: win10
- submitted: 19-07-2020 19:46
Static task: static1
Behavioral task: behavioral1
- Sample: tasks_152.vir.exe
- Resource: win7 (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: tasks_152.vir.exe
- Resource: win10 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: tasks_152.vir.exe
- Size: 157KB
- MD5: f8465c2e372762b793e3e7fbfd7b324b
- SHA1: c13c715e34744c2edc2ccc053a4674bc6dd630fa
- SHA256: a07a151e7a4e4514a55d3053b5e5238d36d9763920489d26d3f545134e806739
- SHA512: 0ffb1a0cefa035c1e3463bfa71c107e8ca5291529f3e35ef29ad80536556e5975fec71fd27199d8a3190dc4c9e322e4cf9c73f41a82cb317d0d15071cf402f78
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid    pid_target  process       target process
  3228   3932        WerFault.exe  tasks_152.vir.exe
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes: WerFault.exe
  description                  pid    process
  Token: SeRestorePrivilege    3228   WerFault.exe
  Token: SeBackupPrivilege     3228   WerFault.exe
  Token: SeDebugPrivilege      3228   WerFault.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes: WerFault.exe
  pid    process
  3228   WerFault.exe
  3228   WerFault.exe
  3228   WerFault.exe
  3228   WerFault.exe
  3228   WerFault.exe
  3228   WerFault.exe
  3228   WerFault.exe
  3228   WerFault.exe
  3228   WerFault.exe
  3228   WerFault.exe
  3228   WerFault.exe
  3228   WerFault.exe
  3228   WerFault.exe
  3228   WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\tasks_152.vir.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\tasks_152.vir.exe"
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 364
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses