Analysis
max time kernel: 116s
max time network: 116s
platform: windows10_x64
resource: win10v20201028
submitted: 14-12-2020 14:01
Behavioral task: behavioral1
Sample: 25872e2993d1d0523d9306afba1114b3.exe
Resource: win7v20201028 (windows7_x64)
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 25872e2993d1d0523d9306afba1114b3.exe
Resource: win10v20201028 (windows10_x64)
0 signatures
0 seconds
General
Target: 25872e2993d1d0523d9306afba1114b3.exe
Size: 120KB
MD5: 25872e2993d1d0523d9306afba1114b3
SHA1: 4aaad812d95d7136506849e120022a72ed7f717a
SHA256: 65c6ebbf7f88eb8b1a52b6e4e6084f6d0d757988341aeb9c88bd468b08593f3b
SHA512: a60a51bbd31cf7f742307161aaf206e52dcf8a17b6675a7f9263ab1ae3bf2a14226e208a0f0af3a76b5f576aab55bc5d100093fbf62dc685eeda64bd61ab9d49
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
Processes: WerFault.exe
pid   pid_target  process       target process
1424  756         WerFault.exe  25872e2993d1d0523d9306afba1114b3.exe
Suspicious behavior: EnumeratesProcesses (14 IoCs)
Processes: WerFault.exe
pid   process
1424  WerFault.exe  (row repeated 14 times)
Suspicious use of AdjustPrivilegeToken (3 IoCs)
Processes: WerFault.exe
description                pid   process
Token: SeRestorePrivilege  1424  WerFault.exe
Token: SeBackupPrivilege   1424  WerFault.exe
Token: SeDebugPrivilege    1424  WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\25872e2993d1d0523d9306afba1114b3.exe
"C:\Users\Admin\AppData\Local\Temp\25872e2993d1d0523d9306afba1114b3.exe"
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 224
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken