Analysis
- max time kernel: 133s
- max time network: 135s
- platform: windows10_x64
- resource: win10v200722
- submitted: 31-07-2020 12:12
Static task: static1
Behavioral task: behavioral1
- Sample: AWB.exe
- Resource: win7, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: AWB.exe
- Resource: win10v200722, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: AWB.exe
- Size: 789KB
- MD5: 00e07fbc04097cb40012208c6d59961f
- SHA1: 965e3a6594cba057b116b9f53aabd8976d815058
- SHA256: 2e5adc24258e0aae79b688b0310985210ab03bffb789da8c80f5d2172e0ff323
- SHA512: 85cf5e27a27f3ba2e6dd18f86c06eb3cbc7414ce9b8998a4b1ee3b20c9141e05347dd6cf220923d606f5e3a5650f91c065f1bf40d7fbc6c145414dfda937449f
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes:
  pid   pid_target  process       target process
  3596  4028        WerFault.exe  AWB.exe
- Suspicious behavior: EnumeratesProcesses (16 IoCs)
  Processes:
  pid   process       entries
  4028  AWB.exe       3
  3596  WerFault.exe  13
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  Processes:
  description                  pid   process
  Token: SeDebugPrivilege      4028  AWB.exe
  Token: SeRestorePrivilege    3596  WerFault.exe
  Token: SeBackupPrivilege     3596  WerFault.exe
  Token: SeDebugPrivilege      3596  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\AWB.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\AWB.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - C:\Windows\SysWOW64\WerFault.exe (depth 2)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 968
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken