Analysis
- max time kernel: 121s
- max time network: 95s
- platform: windows7_x64
- resource: win7v20210408
- submitted: 04-05-2021 21:23
Behavioral task: behavioral1
- Sample: 90cfd4b221d0580f8af1548b8c663daf22914218897b7e8cc23c3115d4d2e456.exe
- Resource: win7v20210408, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 90cfd4b221d0580f8af1548b8c663daf22914218897b7e8cc23c3115d4d2e456.exe
- Resource: win10v20210408, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: 90cfd4b221d0580f8af1548b8c663daf22914218897b7e8cc23c3115d4d2e456.exe
- Size: 2.1MB
- MD5: 6b9413743fad451489c94407419f206a
- SHA1: ff51bd9570ebb33ca5683590719ab705cf312a74
- SHA256: 90cfd4b221d0580f8af1548b8c663daf22914218897b7e8cc23c3115d4d2e456
- SHA512: e8ab7a5fe63106e9f7604446c5ee94fdc6a5a15de95cb3aab82e6b3d617db5bfa3b1db88f4e38f2d073022957d9e6627e34c3c5f170758e49e3ab6afe72fe99a
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid: 2004, pid_target: 1820, process: WerFault.exe, target process: 90cfd4b221d0580f8af1548b8c663daf22914218897b7e8cc23c3115d4d2e456.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes: WerFault.exe
  pid: 2004, process: WerFault.exe
  pid: 2004, process: WerFault.exe
  pid: 2004, process: WerFault.exe
  pid: 2004, process: WerFault.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: WerFault.exe
  pid: 2004, process: WerFault.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: WerFault.exe
  description: Token: SeDebugPrivilege, pid: 2004, process: WerFault.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: 90cfd4b221d0580f8af1548b8c663daf22914218897b7e8cc23c3115d4d2e456.exe
  description: PID 1820 wrote to memory of 2004, pid: 1820, process: 90cfd4b221d0580f8af1548b8c663daf22914218897b7e8cc23c3115d4d2e456.exe, target process: WerFault.exe
  description: PID 1820 wrote to memory of 2004, pid: 1820, process: 90cfd4b221d0580f8af1548b8c663daf22914218897b7e8cc23c3115d4d2e456.exe, target process: WerFault.exe
  description: PID 1820 wrote to memory of 2004, pid: 1820, process: 90cfd4b221d0580f8af1548b8c663daf22914218897b7e8cc23c3115d4d2e456.exe, target process: WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\90cfd4b221d0580f8af1548b8c663daf22914218897b7e8cc23c3115d4d2e456.exe "C:\Users\Admin\AppData\Local\Temp\90cfd4b221d0580f8af1548b8c663daf22914218897b7e8cc23c3115d4d2e456.exe" 1⤵
- Suspicious use of WriteProcessMemory
C:\Windows\system32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1820 -s 72 2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken