Analysis
- max time kernel: 64s
- max time network: 123s
- platform: windows10_x64
- resource: win10v200722
- submitted: 31-07-2020 10:12
Static task
static1
Behavioral task
behavioral1
Sample
scan copy.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
scan copy.exe
Resource
win10v200722
windows10_x64
0 signatures
0 seconds
General
- Target: scan copy.exe
- Size: 479KB
- MD5: 439bff3720a10a5edec44dadfd4e53d7
- SHA1: 6d1b8ec46da61b2d690f15169e85deec829d45c3
- SHA256: e71c74d33683e14022e6d0f0e7a14efcf744c7d4aec03216934dbf17eba9eacb
- SHA512: 034b8e8f0c0b7ce7e7efdc05e897fe42aef3105ed05e430c8a6a9ea5f92eacc26211ce882ac158966f0d06f052f61f2ff25c4edd5a61fdedcc17bdc00c3ea2f4
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
pid   pid_target  process       target process
4012  60          WerFault.exe  scan copy.exe
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
Processes:
pid   process
60    scan copy.exe
60    scan copy.exe
60    scan copy.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
4012  WerFault.exe
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
description                 pid   process
Token: SeDebugPrivilege     60    scan copy.exe
Token: SeRestorePrivilege   4012  WerFault.exe
Token: SeBackupPrivilege    4012  WerFault.exe
Token: SeDebugPrivilege     4012  WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\scan copy.exe
"C:\Users\Admin\AppData\Local\Temp\scan copy.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 60 -s 1196
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken