Analysis
- max time kernel: 141s
- max time network: 146s
- platform: windows10_x64
- resource: win10v200722
- submitted: 31-07-2020 09:59
Static task: static1

Behavioral task: behavioral1
- Sample: NEW RFQ..exe
- Resource: win7 (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: NEW RFQ..exe
- Resource: win10v200722 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: NEW RFQ..exe
- Size: 741KB
- MD5: 079e6eb484455032acf3b2fd4c11299d
- SHA1: 7451b2517d7373f7a81c0876fd66bce472321f79
- SHA256: b681ce953d7122c634acb0c68e4885a7e6d182acfbc43f886160b2796f452d99
- SHA512: d55f2e77a5288720d0a7d3ddd0a523cd9e6b9fe4855c19eb909f101349bba799e2207ff5ed01c44453cdd35e31e553092ae5081e05f8a0f8db4f5a490581e1b3
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes:
  pid   pid_target  process       target process
  2468  3816        WerFault.exe  NEW RFQ..exe

- Suspicious behavior: EnumeratesProcesses (17 IoCs)
  Processes (each row listed with the number of times it occurs):
  pid   process
  3816  NEW RFQ..exe  (3 occurrences)
  2468  WerFault.exe  (14 occurrences)

- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  Processes:
  description                pid   process
  Token: SeDebugPrivilege    3816  NEW RFQ..exe
  Token: SeRestorePrivilege  2468  WerFault.exe
  Token: SeBackupPrivilege   2468  WerFault.exe
  Token: SeDebugPrivilege    2468  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\NEW RFQ..exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\NEW RFQ..exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Child process: C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 968
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken