Analysis
- max time kernel: 88s
- max time network: 150s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 01-07-2021 07:42
Behavioral task
behavioral1
Sample
8a8cd7824d6bede7839645a38bfbdfb4363f71c8b2d8c56c71ecc10af567317e.exe
General
- Target: 8a8cd7824d6bede7839645a38bfbdfb4363f71c8b2d8c56c71ecc10af567317e.exe
- Size: 345KB
- MD5: 01e82a61ffa7ad78a936e463b50a0d70
- SHA1: b9a1849ec3946f323e049bd7a12b9f4873bb8de6
- SHA256: 8a8cd7824d6bede7839645a38bfbdfb4363f71c8b2d8c56c71ecc10af567317e
- SHA512: 38b41391ffd8e182d63586d976cb2f48c5c8ec4bac5558c547dc6e4ce77e750a305f46acc1ac41d3c1904b89694421e01281270b376aea4027b353019c458134
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid   pid_target  process       target process
3668  3156        WerFault.exe  8a8cd7824d6bede7839645a38bfbdfb4363f71c8b2d8c56c71ecc10af567317e.exe
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
WerFault.exe
pid   process
3668  WerFault.exe
3668  WerFault.exe
3668  WerFault.exe
3668  WerFault.exe
3668  WerFault.exe
3668  WerFault.exe
3668  WerFault.exe
3668  WerFault.exe
3668  WerFault.exe
3668  WerFault.exe
3668  WerFault.exe
3668  WerFault.exe
3668  WerFault.exe
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exe
description                  pid   process
Token: SeRestorePrivilege    3668  WerFault.exe
Token: SeBackupPrivilege     3668  WerFault.exe
Token: SeDebugPrivilege      3668  WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\8a8cd7824d6bede7839645a38bfbdfb4363f71c8b2d8c56c71ecc10af567317e.exe
"C:\Users\Admin\AppData\Local\Temp\8a8cd7824d6bede7839645a38bfbdfb4363f71c8b2d8c56c71ecc10af567317e.exe"
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 504
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken