Analysis
max time kernel
65s
max time network
115s
platform
windows10_x64
resource
win10v200722
submitted
31-07-2020 13:48
Static task
static1
Behavioral task
behavioral1
Sample
Scanned doc.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Scanned doc.exe
Resource
win10v200722
windows10_x64
0 signatures
0 seconds
General
Target
Scanned doc.exe
Size
482KB
MD5
70cf26be4ca82d7a3e0c7092d02d0520
SHA1
33701ba7b7ecec46decec6095dd47eb455f540d6
SHA256
a7af597188e3940ae7010e605d11e10b33f48632d2fec2c061c0c46d75c531b1
SHA512
50241a5e3863c3c249f00cbfebeabe705509f7cd4a4d2521334959ed0f50694dd8ce105dd3274e038ceb72fc2e22a49f3209f8f163ca2c95c0d10ed96e45376f
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
2548 | 3904 | WerFault.exe | Scanned doc.exe
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
WerFault.exe
pid | process
2548 | WerFault.exe (this row appears 13 times)
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exe
description | pid | process
Token: SeRestorePrivilege | 2548 | WerFault.exe
Token: SeBackupPrivilege | 2548 | WerFault.exe
Token: SeDebugPrivilege | 2548 | WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\Scanned doc.exe
"C:\Users\Admin\AppData\Local\Temp\Scanned doc.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 1176
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken