Analysis
- max time kernel: 93s
- max time network: 111s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 08-11-2020 14:26
Static task: static1
Behavioral task: behavioral1
- Sample: fc73b896f01eb831e522110ad5c2e8f374d69358faa2386fdece9c17c443ce38.exe
- Resource: win7v20201028 (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: fc73b896f01eb831e522110ad5c2e8f374d69358faa2386fdece9c17c443ce38.exe
- Resource: win10v20201028 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: fc73b896f01eb831e522110ad5c2e8f374d69358faa2386fdece9c17c443ce38.exe
- Size: 332KB
- MD5: a4ceacd31ac62ad74364d4d6d6636b8f
- SHA1: 65067f308205376e56ec7aa24b9ef3f6d63a56d0
- SHA256: fc73b896f01eb831e522110ad5c2e8f374d69358faa2386fdece9c17c443ce38
- SHA512: 269a5cbe28c0ee1561510cc0a04abd50057453b99977b41517ab2e4d8db302cf1ad9a1263475fb682d15bc672e8fc27a693a4dc19027abeb1517da99c044b237
Score
10/10
Malware Config
Signatures
- Suspicious use of NtCreateProcessExOtherParentProcess (1 IoCs)
  Processes: WerFault.exe
  - description: PID 3368 created 656; pid: 3368; process: WerFault.exe; target process: fc73b896f01eb831e522110ad5c2e8f374d69358faa2386fdece9c17c443ce38.exe
- Program crash (1 IoCs)
  Processes: WerFault.exe
  - pid: 3368; pid_target: 656; process: WerFault.exe; target process: fc73b896f01eb831e522110ad5c2e8f374d69358faa2386fdece9c17c443ce38.exe
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  Processes: WerFault.exe
  - pid: 3368; process: WerFault.exe (the same entry is listed 13 times)
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: WerFault.exe
  - description: Token: SeDebugPrivilege; pid: 3368; process: WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\fc73b896f01eb831e522110ad5c2e8f374d69358faa2386fdece9c17c443ce38.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\fc73b896f01eb831e522110ad5c2e8f374d69358faa2386fdece9c17c443ce38.exe"
- C:\Windows\system32\WerFault.exe
  Command line: C:\Windows\system32\WerFault.exe -u -p 656 -s 1772
  - Suspicious use of NtCreateProcessExOtherParentProcess
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken