Analysis
-
max time kernel
146s -
max time network
139s -
platform
windows10_x64 -
resource
win10v200722 -
submitted
31-07-2020 11:02
Static task
static1
Behavioral task
behavioral1
Sample
Pagamento dell'estratto conto [REF0000360261].exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Pagamento dell'estratto conto [REF0000360261].exe
Resource
win10v200722
windows10_x64
0 signatures
0 seconds
General
-
Target
Pagamento dell'estratto conto [REF0000360261].exe
-
Size
815KB
-
MD5
8b68c742a444062ca535c783116988b9
-
SHA1
8f54bc2727c6f41236de25eebb9e0868ec57d527
-
SHA256
faf12b61374c5f5dff73afa0f1b4084561118358e77ddd44632ba7f40a37ad38
-
SHA512
b9db3d3023be1b8bd4465f2b84d702356510c87bee199b868d070fcf2eb18e960d52513831ae646d5d04a29e0ac888d2ea399ebc14dbebd8c19e5186edb42ba5
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2812 3956 WerFault.exe Pagamento dell'estratto conto [REF0000360261].exe -
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
WerFault.exepid process 2812 WerFault.exe 2812 WerFault.exe 2812 WerFault.exe 2812 WerFault.exe 2812 WerFault.exe 2812 WerFault.exe 2812 WerFault.exe 2812 WerFault.exe 2812 WerFault.exe 2812 WerFault.exe 2812 WerFault.exe 2812 WerFault.exe 2812 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exedescription pid process Token: SeRestorePrivilege 2812 WerFault.exe Token: SeBackupPrivilege 2812 WerFault.exe Token: SeDebugPrivilege 2812 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Pagamento dell'estratto conto [REF0000360261].exe"C:\Users\Admin\AppData\Local\Temp\Pagamento dell'estratto conto [REF0000360261].exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 11722⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken