Analysis
  Max time kernel:  149s
  Max time network: 69s
  Platform:         windows10_x64
  Resource:         win10v200722
  Submitted:        04-08-2020 17:26
Static task
  static1

Behavioral task: behavioral1
  Sample:   fd301dd4e9524517169d7520132018f863c82056c7441ea59c2beb6ad186b25c.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample:   fd301dd4e9524517169d7520132018f863c82056c7441ea59c2beb6ad186b25c.exe
  Resource: win10v200722 (windows10_x64)
  0 signatures, 0 seconds
General
  Target: fd301dd4e9524517169d7520132018f863c82056c7441ea59c2beb6ad186b25c.exe
  Size:   240KB
  MD5:    50a7db1362f5534a1b6adbf9ccbe9d5b
  SHA1:   b13adc442b918f8dd73038ebf1ee491d2ed44110
  SHA256: fd301dd4e9524517169d7520132018f863c82056c7441ea59c2beb6ad186b25c
  SHA512: 627a39524136b95d4ae4528f45cb131492e84708434153e7f2909dc4609b06c916647adca97090431a4fb7a7df1b530c3ca4094c0ed5b55d1f1567b4bc5e4cb4
  Score:  3/10
Malware Config
  (none)

Signatures

- Program crash (1 IoC)
  Processes:
    pid   pid_target  process       target process
    1332  1928        WerFault.exe  fd301dd4e9524517169d7520132018f863c82056c7441ea59c2beb6ad186b25c.exe

- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes:
    description                 pid   process
    Token: SeRestorePrivilege   1332  WerFault.exe
    Token: SeBackupPrivilege    1332  WerFault.exe
    Token: SeDebugPrivilege     1332  WerFault.exe

- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  Processes:
    pid   process
    1332  WerFault.exe  (13 identical entries)
Processes
  C:\Users\Admin\AppData\Local\Temp\fd301dd4e9524517169d7520132018f863c82056c7441ea59c2beb6ad186b25c.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\fd301dd4e9524517169d7520132018f863c82056c7441ea59c2beb6ad186b25c.exe"
    Depth: 1

    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 1388
      Depth: 2
      Signatures:
      - Program crash
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious behavior: EnumeratesProcesses