Analysis
-
max time kernel
110s -
max time network
112s -
platform
windows10_x64 -
resource
win10 -
submitted
29-07-2020 05:23
Static task
static1
Behavioral task
behavioral1
Sample
INQUIRY - 1.exe
Resource
win7v200722
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
INQUIRY - 1.exe
Resource
win10
windows10_x64
0 signatures
0 seconds
General
-
Target
INQUIRY - 1.exe
-
Size
566KB
-
MD5
1eb47fc33521f1d2048f1f711c2d397e
-
SHA1
81aadf114b034d534cf41468a57d72c0513b8c5d
-
SHA256
245dab3947c242814248eb6b3fa73560d4082082fc536f9d042c7f41ea99e9c4
-
SHA512
a781bab0c017e475a7063520e2043854d00d1384aa9209f432d516ddee632f601b5366c290db60fd88dff0aca11204efbdf8a0a0a1c884657cd91a1f977e8288
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 3796 3832 WerFault.exe INQUIRY - 1.exe -
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
WerFault.exepid process 3796 WerFault.exe 3796 WerFault.exe 3796 WerFault.exe 3796 WerFault.exe 3796 WerFault.exe 3796 WerFault.exe 3796 WerFault.exe 3796 WerFault.exe 3796 WerFault.exe 3796 WerFault.exe 3796 WerFault.exe 3796 WerFault.exe 3796 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exedescription pid process Token: SeRestorePrivilege 3796 WerFault.exe Token: SeBackupPrivilege 3796 WerFault.exe Token: SeDebugPrivilege 3796 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\INQUIRY - 1.exe"C:\Users\Admin\AppData\Local\Temp\INQUIRY - 1.exe"1⤵PID:3832
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 9002⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3796