Analysis
Max time kernel: 115s
Max time network: 118s
Platform: windows10_x64
Resource: win10
Submitted: 31-07-2020 10:14
Static task: static1

Behavioral task: behavioral1
Sample: Order confirmation PO 005 07 30 2020.exe
Resource: win7v200722 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: Order confirmation PO 005 07 30 2020.exe
Resource: win10 (windows10_x64)
0 signatures, 0 seconds
General
Target: Order confirmation PO 005 07 30 2020.exe
Size: 476KB
MD5: 1094e53b123834f65dbc934ac71c3bd9
SHA1: b9b5073ff37c469d5278e11a44e4e6dc616598d5
SHA256: a678440e1f830f05b0fac3d40d08457d2358b00534042726fa375955ae02c282
SHA512: 1a5014a91b5f617863d6464f1804fbb66d24fec293da6b1b9984f6d84142dc2a29eb72a92e396c728d71960919e33a35210a501a64158c7fe1e3d10a9373911f
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
Processes:
  pid   pid_target  process       target process
  3796  3588        WerFault.exe  Order confirmation PO 005 07 30 2020.exe

Suspicious behavior: EnumeratesProcesses (16 IoCs)
Processes:
  pid   process
  3588  Order confirmation PO 005 07 30 2020.exe  (3 entries)
  3796  WerFault.exe                              (13 entries)

Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes:
  description                pid   process
  Token: SeDebugPrivilege    3588  Order confirmation PO 005 07 30 2020.exe
  Token: SeRestorePrivilege  3796  WerFault.exe
  Token: SeBackupPrivilege   3796  WerFault.exe
  Token: SeDebugPrivilege    3796  WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\Order confirmation PO 005 07 30 2020.exe (pid 3588)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Order confirmation PO 005 07 30 2020.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
    C:\Windows\SysWOW64\WerFault.exe (pid 3796)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 1200
      - Program crash
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken