Analysis
- max time kernel: 119s
- max time network: 121s
- platform: windows10_x64
- resource: win10
- submitted: 31-07-2020 09:58
Static task
- static1

Behavioral task behavioral1
- Sample: PURCHASE ORDER.exe
- Resource: win7 (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task behavioral2
- Sample: PURCHASE ORDER.exe
- Resource: win10 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: PURCHASE ORDER.exe
- Size: 480KB
- MD5: 68a39c3c66241675061f8d052c6fe4e7
- SHA1: 4cf37ba99dd0a55045c2985b37a5fe64ef363120
- SHA256: f5bc5555d6b03bad237a916d07e05148d44cae649e932726a15ea1595fa60f4b
- SHA512: 38318fc371040bdcdc6bd313b57b5e26eb7cec31b62e0d36882cb105cd3d6d7adb2dedc995b257a21589201be4ade904dd7d3b09f5e26d1062767eb97f542d39
- Score: 3/10
Malware Config
Signatures

- Program crash (1 IoC)
  Processes:
  pid   pid_target   process        target process
  4036  748          WerFault.exe   PURCHASE ORDER.exe

- Suspicious behavior: EnumeratesProcesses (16 IoCs)
  Processes:
  pid   process
  748   PURCHASE ORDER.exe
  748   PURCHASE ORDER.exe
  748   PURCHASE ORDER.exe
  4036  WerFault.exe
  4036  WerFault.exe
  4036  WerFault.exe
  4036  WerFault.exe
  4036  WerFault.exe
  4036  WerFault.exe
  4036  WerFault.exe
  4036  WerFault.exe
  4036  WerFault.exe
  4036  WerFault.exe
  4036  WerFault.exe
  4036  WerFault.exe
  4036  WerFault.exe

- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  Processes:
  description                 pid   process
  Token: SeDebugPrivilege     748   PURCHASE ORDER.exe
  Token: SeRestorePrivilege   4036  WerFault.exe
  Token: SeBackupPrivilege    4036  WerFault.exe
  Token: SeDebugPrivilege     4036  WerFault.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\PURCHASE ORDER.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\PURCHASE ORDER.exe"
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken

2. C:\Windows\SysWOW64\WerFault.exe
   Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 1200
   - Program crash
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken