Analysis
- max time kernel: 13s
- max time network: 125s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 22-06-2021 14:39
Behavioral task: behavioral1
- Sample: a4fd3a9c179649e84eb91e64fc3d75f7057f4e16402b10070a9e4d2c14ee11ec.exe
- Resource: win10v20210410 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: a4fd3a9c179649e84eb91e64fc3d75f7057f4e16402b10070a9e4d2c14ee11ec.exe
- Size: 316KB
- MD5: ba747bdea3e6b32f017f195b1bb9d868
- SHA1: a03a3a6699c017387e3080a1edf498fc3fcc71d2
- SHA256: a4fd3a9c179649e84eb91e64fc3d75f7057f4e16402b10070a9e4d2c14ee11ec
- SHA512: 636e88f175a958ebe114de616468c0c77307509507e10204d0a879d2c4cb03ddc0f20ce5fc513b448a3e8939b86838e9bdab01c474a41c518bc4c3b577492d3d
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes: pid 3672 WerFault.exe, target pid 3540 a4fd3a9c179649e84eb91e64fc3d75f7057f4e16402b10070a9e4d2c14ee11ec.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes: pid 3672 WerFault.exe (all 14 IoCs from this one process)
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes: pid 3672 WerFault.exe
  - Token: SeRestorePrivilege
  - Token: SeBackupPrivilege
  - Token: SeDebugPrivilege

Note: every signature above is raised by WerFault.exe (pid 3672), the Windows Error Reporting handler started for the crashing sample (pid 3540), not by the sample's own code.
Processes
- C:\Users\Admin\AppData\Local\Temp\a4fd3a9c179649e84eb91e64fc3d75f7057f4e16402b10070a9e4d2c14ee11ec.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a4fd3a9c179649e84eb91e64fc3d75f7057f4e16402b10070a9e4d2c14ee11ec.exe"
  PID: 3540
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 512
    PID: 3672
    Signatures: Program crash; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken