Analysis
max time kernel: 65s
max time network: 112s
platform: windows10_x64
resource: win10
submitted: 31-07-2020 10:04
Static task: static1
Behavioral task: behavioral1
  Sample: ATR1.exe
  Resource: win7v200722 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: ATR1.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General
Target: ATR1.exe
Size: 574KB
MD5: 020d56ce7d0a45a896c811550e05ce9d
SHA1: 814c8ddbc50e9e158e63bdd745d683dcb636c2a6
SHA256: 06078629129c4bc1abb214bbbe1bfadca65b618ac9f6f93fc3b22d0a37740f5b
SHA512: ce565aafb7593d5aa8393a46d27823a90c26e923a15a77252e0be1dbae4845254aa83f35ea44c18964490a7769431aeecffb80052e1f1b5af4b44d8028122dff
Score: 3/10
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes:
  description                 pid   process
  Token: SeDebugPrivilege     3888  ATR1.exe
  Token: SeRestorePrivilege   3828  WerFault.exe
  Token: SeBackupPrivilege    3828  WerFault.exe
  Token: SeDebugPrivilege     3828  WerFault.exe
Suspicious behavior: EnumeratesProcesses (16 IoCs)
Processes:
  pid   process        events
  3888  ATR1.exe       3
  3828  WerFault.exe   13
Program crash (1 IoC)
Processes:
  pid   process        pid_target   target process
  3828  WerFault.exe   3888         ATR1.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\ATR1.exe (pid 3888)
   command line: "C:\Users\Admin\AppData\Local\Temp\ATR1.exe"
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious behavior: EnumeratesProcesses
   2. C:\Windows\SysWOW64\WerFault.exe (pid 3828, child of 3888)
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 1220
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious behavior: EnumeratesProcesses
      - Program crash
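The three signature tables and the process tree all hinge on one relationship: the `-p 3888` argument of WerFault.exe names the process that crashed, so every IoC attributed to pid 3828 was produced by Windows Error Reporting handling the crash, not by the sample. The following is an added example, not part of the sandbox report or of the sandbox's own tooling, that parses the report's flattened signature rows (embedded below as constructed input copied from this page) and separates the sample's own behaviour from WerFault's. The `-s` value is recorded but deliberately not interpreted.

```python
import re
from collections import Counter, defaultdict

# Constructed input: the flattened signature rows and the WerFault.exe command
# line exactly as they appear in the report above.
TOKEN_ROWS = (
    "Token: SeDebugPrivilege 3888 ATR1.exe Token: SeRestorePrivilege 3828 WerFault.exe "
    "Token: SeBackupPrivilege 3828 WerFault.exe Token: SeDebugPrivilege 3828 WerFault.exe"
)
ENUM_ROWS = "3888 ATR1.exe 3888 ATR1.exe 3888 ATR1.exe " + "3828 WerFault.exe " * 13
WERFAULT_CMDLINE = r"C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 1220"

TOKEN_RE = re.compile(r"Token:\s+(Se\w+Privilege)\s+(\d+)\s+(\S+)")
PID_PROC_RE = re.compile(r"(\d+)\s+(\S+\.exe)")


def parse_token_events(rows):
    """Return [(privilege, pid, image)] for every 'Token: ...' cell in the row blob."""
    return [(priv, int(pid), img) for priv, pid, img in TOKEN_RE.findall(rows)]


def privileges_by_pid(rows):
    """Map pid -> set of privileges that process enabled via AdjustTokenPrivileges."""
    out = defaultdict(set)
    for priv, pid, _ in parse_token_events(rows):
        out[pid].add(priv)
    return dict(out)


def count_events_by_pid(rows):
    """Count 'pid image' cells per pid (one cell per recorded event)."""
    return Counter(int(pid) for pid, _ in PID_PROC_RE.findall(rows))


def parse_werfault(cmdline):
    """Extract the crashed process pid (-p) from a WerFault.exe command line.

    The -s argument is kept verbatim but not interpreted. A SysWOW64 path
    means the 32-bit WerFault was launched, i.e. the faulting process was 32-bit.
    """
    m = re.search(r"-p\s+(\d+)", cmdline)
    if not m:
        raise ValueError("no -p <pid> argument in WerFault command line")
    s = re.search(r"-s\s+(\S+)", cmdline)
    return {
        "target_pid": int(m.group(1)),
        "s_arg": s.group(1) if s else None,
        "wow64": "\\SysWOW64\\" in cmdline,
    }


def split_sample_from_wer(token_rows, enum_rows, werfault_cmdline):
    """Attribute each IoC to the sample or to WerFault using WerFault's -p argument."""
    crash = parse_werfault(werfault_cmdline)
    sample_pid = crash["target_pid"]
    privs = privileges_by_pid(token_rows)
    enum = count_events_by_pid(enum_rows)
    wer_pids = sorted(p for p in set(privs) | set(enum) if p != sample_pid)
    return {
        "sample_pid": sample_pid,
        "sample_is_32bit": crash["wow64"],
        "sample_privileges": sorted(privs.get(sample_pid, ())),
        "sample_enum_events": enum[sample_pid],
        "werfault_pids": wer_pids,
        "werfault_privileges": sorted(set().union(*(privs.get(p, set()) for p in wer_pids))),
        "werfault_enum_events": sum(enum[p] for p in wer_pids),
    }


if __name__ == "__main__":
    for k, v in split_sample_from_wer(TOKEN_ROWS, ENUM_ROWS, WERFAULT_CMDLINE).items():
        print(f"{k}: {v}")
```

Run against the report's own rows, the split shows that the sample (pid 3888, a 32-bit image given the SysWOW64 WerFault) enabled only SeDebugPrivilege and produced 3 of the 16 process-enumeration events before it crashed; SeRestorePrivilege, SeBackupPrivilege, the second SeDebugPrivilege and the remaining 13 enumeration events belong to WerFault.exe (pid 3828). Reading the 3/10 score with that split in mind avoids crediting the sample with the crash handler's behaviour.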