Analysis
-
max time kernel
10s -
max time network
115s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
25-06-2021 15:06
Static task
static1
Behavioral task
behavioral1
Sample
6daa33fa17b113a10a797fe9fc170e11170549c2ca5eb609f0f9d9f64283abac.bin.exe
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
6daa33fa17b113a10a797fe9fc170e11170549c2ca5eb609f0f9d9f64283abac.bin.exe
Resource
win10v20210410
windows10_x64
0 signatures
0 seconds
General
-
Target
6daa33fa17b113a10a797fe9fc170e11170549c2ca5eb609f0f9d9f64283abac.bin.exe
-
Size
124KB
-
MD5
d337ce3673027b5ada079afeade07a67
-
SHA1
2e1df897475fb1877a4121e488071df3522b5368
-
SHA256
6daa33fa17b113a10a797fe9fc170e11170549c2ca5eb609f0f9d9f64283abac
-
SHA512
03850b843be4655fb45b63693a8d94ee950666fca9b3567cbc380189956b305fd78a706db4ef5efa0d7ea575074d0f60a49ca122fd809ee2001cffc4f050f4b3
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2224 3560 WerFault.exe 6daa33fa17b113a10a797fe9fc170e11170549c2ca5eb609f0f9d9f64283abac.bin.exe -
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes:
WerFault.exepid process 2224 WerFault.exe 2224 WerFault.exe 2224 WerFault.exe 2224 WerFault.exe 2224 WerFault.exe 2224 WerFault.exe 2224 WerFault.exe 2224 WerFault.exe 2224 WerFault.exe 2224 WerFault.exe 2224 WerFault.exe 2224 WerFault.exe 2224 WerFault.exe 2224 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exedescription pid process Token: SeRestorePrivilege 2224 WerFault.exe Token: SeBackupPrivilege 2224 WerFault.exe Token: SeDebugPrivilege 2224 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\6daa33fa17b113a10a797fe9fc170e11170549c2ca5eb609f0f9d9f64283abac.bin.exe"C:\Users\Admin\AppData\Local\Temp\6daa33fa17b113a10a797fe9fc170e11170549c2ca5eb609f0f9d9f64283abac.bin.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 2602⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken