Analysis
max time kernel: 18s
max time network: 114s
platform: windows10_x64
resource: win10v20201028
submitted: 11-11-2020 10:53
Static task: static1

Behavioral task: behavioral1
Sample: fdb56b7e346e7261d4c2c2d4875ed044a75960e19a1abc6b035bbdc49698a700.exe
Resource: win7v20201028 windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: fdb56b7e346e7261d4c2c2d4875ed044a75960e19a1abc6b035bbdc49698a700.exe
Resource: win10v20201028 windows10_x64
0 signatures
0 seconds
General
Target: fdb56b7e346e7261d4c2c2d4875ed044a75960e19a1abc6b035bbdc49698a700.exe
Size: 5.9MB
MD5: 734d67d23ce6f824cb402fa625563104
SHA1: b6f68d89bd4cde4516a3c279d9dccfb80ecdf6a4
SHA256: fdb56b7e346e7261d4c2c2d4875ed044a75960e19a1abc6b035bbdc49698a700
SHA512: a4a232b0805545a6a5bea592935b25e816e2e8403cee0a4cc1c5c4c450a75f010b998c4bff4d8c1aef0d7c07b6418fa751adcec570e2462dcdcb8d7ad4e34156
Score: 10/10
Malware Config
Signatures
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
Processes:
WerFault.exe
description: PID 4128 created 4708
pid: 4128
process: WerFault.exe
target process: fdb56b7e346e7261d4c2c2d4875ed044a75960e19a1abc6b035bbdc49698a700.exe
Program crash 1 IoCs
Processes:
WerFault.exe
pid: 4128
pid_target: 4708
process: WerFault.exe
target process: fdb56b7e346e7261d4c2c2d4875ed044a75960e19a1abc6b035bbdc49698a700.exe
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes:
WerFault.exe
pid: 4128
process: WerFault.exe
(listed 14 times)
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
WerFault.exe
description: Token: SeDebugPrivilege
pid: 4128
process: WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\fdb56b7e346e7261d4c2c2d4875ed044a75960e19a1abc6b035bbdc49698a700.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\fdb56b7e346e7261d4c2c2d4875ed044a75960e19a1abc6b035bbdc49698a700.exe"
  C:\Windows\system32\WerFault.exe
    command line: C:\Windows\system32\WerFault.exe -u -p 4708 -s 172
    - Suspicious use of NtCreateProcessExOtherParentProcess
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken