Analysis
- max time kernel: 142s
- max time network: 150s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 01-07-2021 07:26
Behavioral task
behavioral1
- Sample: 079f95acf91ef18ac883cb6d96ebaf6e390a952559b99f4b0934f9b1aa8c4057.exe
- Resource: win10v20210408 (windows10_x64)
General
- Target: 079f95acf91ef18ac883cb6d96ebaf6e390a952559b99f4b0934f9b1aa8c4057.exe
- Size: 344KB
- MD5: f63f2bde94a21a0ab1181097f4419bda
- SHA1: 37caa3b72ee3840f6987fdf0f934d70590e2b9f6
- SHA256: 079f95acf91ef18ac883cb6d96ebaf6e390a952559b99f4b0934f9b1aa8c4057
- SHA512: 6733b18114bcc78d4ad37a996233d01957bec0ab3ffbfbaf3db8ee33bc9ead2a6e9c9008e81d47d4bb794bc0e32bb60e1aac573dd572787a3dc69db768458ac6
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid   pid_target  process       target process
  1392  3728        WerFault.exe  079f95acf91ef18ac883cb6d96ebaf6e390a952559b99f4b0934f9b1aa8c4057.exe
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  Processes: WerFault.exe
  pid   process
  1392  WerFault.exe  (row repeated 13 times)
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes: WerFault.exe
  description                 pid   process
  Token: SeRestorePrivilege   1392  WerFault.exe
  Token: SeBackupPrivilege    1392  WerFault.exe
  Token: SeDebugPrivilege     1392  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\079f95acf91ef18ac883cb6d96ebaf6e390a952559b99f4b0934f9b1aa8c4057.exe
  "C:\Users\Admin\AppData\Local\Temp\079f95acf91ef18ac883cb6d96ebaf6e390a952559b99f4b0934f9b1aa8c4057.exe"
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 500
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken