Analysis
-
max time kernel
144s -
max time network
107s -
platform
windows10_x64 -
resource
win10v200722 -
submitted
31-07-2020 10:19
Static task
static1
Behavioral task
behavioral1
Sample
QUO29393.exe
Resource
win7v200722
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
QUO29393.exe
Resource
win10v200722
windows10_x64
0 signatures
0 seconds
General
-
Target
QUO29393.exe
-
Size
1.1MB
-
MD5
60a03e78b2781f94f1033859b6b9f2fd
-
SHA1
033643dab0f443d8b50b4218d8bbe956e03af6ff
-
SHA256
24a6ec83c1a75f4bfefa0e5df247fbc354cea37c917da05a38e2687b7b26c464
-
SHA512
17c0ab71f9a260e76564d17d8a88ac0ade820c9cdabac9f8fe4f1e24332ab7b407a107ca8e2c563e667d99a51d488c8cb830b197c76c29d52ab25d426411aef4
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 3496 3876 WerFault.exe QUO29393.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
QUO29393.exeWerFault.exedescription pid process Token: SeDebugPrivilege 3876 QUO29393.exe Token: SeRestorePrivilege 3496 WerFault.exe Token: SeBackupPrivilege 3496 WerFault.exe Token: SeDebugPrivilege 3496 WerFault.exe -
Suspicious behavior: EnumeratesProcesses 16 IoCs
Processes:
QUO29393.exeWerFault.exepid process 3876 QUO29393.exe 3876 QUO29393.exe 3876 QUO29393.exe 3496 WerFault.exe 3496 WerFault.exe 3496 WerFault.exe 3496 WerFault.exe 3496 WerFault.exe 3496 WerFault.exe 3496 WerFault.exe 3496 WerFault.exe 3496 WerFault.exe 3496 WerFault.exe 3496 WerFault.exe 3496 WerFault.exe 3496 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\QUO29393.exe"C:\Users\Admin\AppData\Local\Temp\QUO29393.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 9682⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses