Analysis
max time kernel: 39s
max time network: 41s
platform: windows7_x64
resource: win7
submitted: 25-10-2020 17:26

Static task: static1

Behavioral task: behavioral1
  Sample: 879b24b80b987f27f051d4097a5bb6a2.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: 879b24b80b987f27f051d4097a5bb6a2.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General
Target: 879b24b80b987f27f051d4097a5bb6a2.exe
Size: 400KB
MD5: 879b24b80b987f27f051d4097a5bb6a2
SHA1: c792ff6eb7b1338cf46607b40bc15664134f159a
SHA256: eebc9333049be75082af1cb0c8ecb798bcbea50e4b0208fa97a96c71aa68dc62
SHA512: 746814b746e4643840c44e928c0516ff8189cef22c791acdc329a4d7414b469fcb05505e555ea0bf09a1087840dc66df1065220b576fb0d7dd9e026936676959
Score: 3/10
Malware Config

Signatures

Program crash (1 IoC)
Processes:
  pid   pid_target   process        target process
  600   820          WerFault.exe   879b24b80b987f27f051d4097a5bb6a2.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes:
  pid   process
  600   WerFault.exe
  600   WerFault.exe
  600   WerFault.exe
  600   WerFault.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description               pid   process
  Token: SeDebugPrivilege   600   WerFault.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
  description                       pid   process                                target process
  PID 820 wrote to memory of 600    820   879b24b80b987f27f051d4097a5bb6a2.exe   WerFault.exe
  PID 820 wrote to memory of 600    820   879b24b80b987f27f051d4097a5bb6a2.exe   WerFault.exe
  PID 820 wrote to memory of 600    820   879b24b80b987f27f051d4097a5bb6a2.exe   WerFault.exe
  PID 820 wrote to memory of 600    820   879b24b80b987f27f051d4097a5bb6a2.exe   WerFault.exe
Processes

[1] C:\Users\Admin\AppData\Local\Temp\879b24b80b987f27f051d4097a5bb6a2.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\879b24b80b987f27f051d4097a5bb6a2.exe"
    - Suspicious use of WriteProcessMemory

    [2] C:\Windows\SysWOW64\WerFault.exe
        command line: C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 36
        - Program crash
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of AdjustPrivilegeToken
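Every signature in this report is raised either by the sample launching WerFault.exe or by WerFault.exe itself: the sample (pid 820) crashes, Windows Error Reporting starts `WerFault.exe -u -p 820 -s 36` as its child, CreateProcess writes the child's startup parameters into the new address space (logged as WriteProcessMemory), and WerFault then enables SeDebugPrivilege and enumerates processes so it can open and dump pid 820. The report does not say why the sample crashed. The triage helper below is an added example, not part of this report or of any sandbox's own code; it encodes that reasoning as a check: a WriteProcessMemory hit is treated as crash-handler noise only when the target is a WerFault.exe child of the writer whose `-p` argument names the writer, and debug-privilege or enumeration hits are expected only from a WerFault.exe that carries a `-p` target. The `Process`/`Event` records and the explorer.exe counter-example are constructed here and are not the sandbox's export format.

```python
"""Classify sandbox signature hits as crash-handler noise or as something to review.

Added example; the event model below is an assumption, hand-built from the
report's tables, not a real sandbox export format.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Process:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int] = None


@dataclass
class Event:
    kind: str                  # "WriteProcessMemory", "AdjustPrivilegeToken", "EnumeratesProcesses"
    pid: int                   # acting process
    target: Optional[int] = None
    detail: str = ""


def werfault_target_pid(proc: Process) -> Optional[int]:
    """Return the pid WerFault.exe was told to report on (-p <pid>), or None
    if the process is not WerFault.exe or carries no -p argument."""
    if not proc.image.lower().endswith("werfault.exe"):
        return None
    m = re.search(r"(?:^|\s)-p\s+(\d+)", proc.cmdline)
    return int(m.group(1)) if m else None


def classify(processes: List[Process], events: List[Event]) -> List[Tuple[Event, str]]:
    procs: Dict[int, Process] = {p.pid: p for p in processes}
    verdicts: List[Tuple[Event, str]] = []
    for ev in events:
        actor = procs.get(ev.pid)
        if ev.kind == "WriteProcessMemory":
            tgt = procs.get(ev.target) if ev.target is not None else None
            # Expected only when the writer is the parent of a WerFault.exe
            # whose -p argument points back at the writer (the crashing process
            # launching its own error-report handler).
            if tgt is not None and tgt.parent == ev.pid and werfault_target_pid(tgt) == ev.pid:
                verdicts.append((ev, "expected: crash-handler launch"))
            else:
                verdicts.append((ev, "review: write into another process"))
        elif ev.kind in ("AdjustPrivilegeToken", "EnumeratesProcesses"):
            # WerFault.exe enables SeDebugPrivilege and walks the process list
            # to open and dump the faulting process named by -p.
            if actor is not None and werfault_target_pid(actor) is not None:
                verdicts.append((ev, "expected: crash-handler dump"))
            else:
                verdicts.append((ev, "review: debug privilege or process enumeration"))
        else:
            verdicts.append((ev, "unclassified"))
    return verdicts


def summarize(verdicts: List[Tuple[Event, str]]) -> Dict[str, int]:
    review = sum(1 for _, v in verdicts if v.startswith("review"))
    return {"total": len(verdicts), "expected": len(verdicts) - review, "review": review}


# Records hand-built from this report's process tree and signature tables.
REPORT_PROCESSES = [
    Process(820, r"C:\Users\Admin\AppData\Local\Temp\879b24b80b987f27f051d4097a5bb6a2.exe",
            r'"C:\Users\Admin\AppData\Local\Temp\879b24b80b987f27f051d4097a5bb6a2.exe"'),
    Process(600, r"C:\Windows\SysWOW64\WerFault.exe",
            r"C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 36", parent=820),
]
REPORT_EVENTS = (
    [Event("WriteProcessMemory", 820, 600)] * 4
    + [Event("AdjustPrivilegeToken", 600, detail="SeDebugPrivilege")]
    + [Event("EnumeratesProcesses", 600)] * 4
)

# Constructed counter-example, not from this report: the same sample writing
# into an unrelated process is not explained by crash handling.
INJECT_PROCESSES = REPORT_PROCESSES + [Process(1234, r"C:\Windows\explorer.exe", "explorer.exe")]
INJECT_EVENTS = [Event("WriteProcessMemory", 820, 1234)]


if __name__ == "__main__":
    for ev, verdict in classify(REPORT_PROCESSES, REPORT_EVENTS):
        print(f"{ev.kind:<22} pid={ev.pid} target={ev.target} -> {verdict}")
    print(summarize(classify(REPORT_PROCESSES, REPORT_EVENTS)))
    print(classify(INJECT_PROCESSES, INJECT_EVENTS)[0][1])
```

Run against the report's nine hits, every one classifies as expected crash-handler activity and nothing is left to review, which is consistent with the 3/10 score; the explorer.exe write in the constructed counter-example is flagged for review because its target is neither a WerFault.exe child nor one that names the writer in `-p`.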