Analysis
- max time kernel: 136s
- max time network: 137s
- platform: windows7_x64
- resource: win7
- submitted: 25-10-2020 02:33
Static task: static1
Behavioral task: behavioral1
- Sample: 82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720.exe
- Resource: win7 (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: 82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720.exe
- Resource: win10 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: 82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720.exe
- Size: 604KB
- MD5: 9474a43327778c2630d73548bae9f5b2
- SHA1: dc3f4adf9f30dcd85f26310ebbd922501e65ee3f
- SHA256: 82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720
- SHA512: e4b4119a4855a623b4ce1279be7f78d4f92cc65292aeab1f8051366170728b6393ea2905cd7889559c803416311c82ce50de62aa3c761bc9ee2de73857302e30
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes:
  pid   pid_target  process       target process
  2040  1892        WerFault.exe  82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes:
  pid   process
  2040  WerFault.exe
  2040  WerFault.exe
  2040  WerFault.exe
  2040  WerFault.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
  description              pid   process
  Token: SeDebugPrivilege  2040  WerFault.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes:
  description                       pid   process                                                                   target process
  PID 1892 wrote to memory of 2040  1892  82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720.exe  WerFault.exe
  PID 1892 wrote to memory of 2040  1892  82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720.exe  WerFault.exe
  PID 1892 wrote to memory of 2040  1892  82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720.exe  WerFault.exe
  PID 1892 wrote to memory of 2040  1892  82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720.exe  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 96
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken