Analysis
max time kernel
64s
max time network
112s
platform
windows10_x64
resource
win10v200722
submitted
31-07-2020 11:49
Static task
static1
Behavioral task
behavioral1
Sample
Confirmation Copy 11.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Confirmation Copy 11.exe
Resource
win10v200722
windows10_x64
0 signatures
0 seconds
General
Target
Confirmation Copy 11.exe
Size
520KB
MD5
9d317210a5afb36bb85856718b96e1ef
SHA1
e5cf4b696cb785b825322f84cf66c299c27f4068
SHA256
2ad4a02a1f907b8036b9bea0fd940bfb47435964b23ffae577080823c86500dd
SHA512
5d67f53a63d1cd20af6073b16dff41d41922a0b680c041d52364c08528280a399851612cfb7190f96e5788e94eec7d967e53bb4643db06cc475f380a8e02deba
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
2936 | 3712 | WerFault.exe | Confirmation Copy 11.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exe
description | pid | process
Token: SeRestorePrivilege | 2936 | WerFault.exe
Token: SeBackupPrivilege | 2936 | WerFault.exe
Token: SeDebugPrivilege | 2936 | WerFault.exe
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
WerFault.exe
pid | process
2936 | WerFault.exe (13 identical entries)
Processes
C:\Users\Admin\AppData\Local\Temp\Confirmation Copy 11.exe
"C:\Users\Admin\AppData\Local\Temp\Confirmation Copy 11.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 1172
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses