Analysis
max time kernel: 87s
max time network: 150s
platform: windows10_x64
resource: win10v20210410
submitted: 30-06-2021 22:48
Behavioral task
behavioral1
Sample
82023a1007aaa834a4b26e2616955214d6bd512182ffa56f3d8824d299fe756b.exe
Resource
win10v20210410
windows10_x64
0 signatures
0 seconds
General
Target: 82023a1007aaa834a4b26e2616955214d6bd512182ffa56f3d8824d299fe756b.exe
Size: 345KB
MD5: 4c2f259f13ef4aff1306730bcd86d13b
SHA1: f51d9036413c7fb4fb4d545f85c37e084023e9d5
SHA256: 82023a1007aaa834a4b26e2616955214d6bd512182ffa56f3d8824d299fe756b
SHA512: aa2b0c3000902e8ad05df3910c9d51c6c61322a6d46bd754cc01295479d0317e38c8f13e5dbe03fad76dac542bfa2b50d708f3abe39897c2d671e5223129c321
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid   pid_target  process       target process
3416  3972        WerFault.exe  82023a1007aaa834a4b26e2616955214d6bd512182ffa56f3d8824d299fe756b.exe
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
WerFault.exe
pid   process
3416  WerFault.exe  (13 identical entries)
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exe
description                 pid   process
Token: SeRestorePrivilege   3416  WerFault.exe
Token: SeBackupPrivilege    3416  WerFault.exe
Token: SeDebugPrivilege     3416  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\82023a1007aaa834a4b26e2616955214d6bd512182ffa56f3d8824d299fe756b.exe
  "C:\Users\Admin\AppData\Local\Temp\82023a1007aaa834a4b26e2616955214d6bd512182ffa56f3d8824d299fe756b.exe"
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 500
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken