Analysis
  max time kernel: 146s
  max time network: 148s
  platform: windows10_x64
  resource: win10v20210408
  submitted: 01-07-2021 07:26
Behavioral task: behavioral1
  Sample: 37727527fc7208610430018157d71971cee09e2ae2e848b7bc689219c12a000f.exe
  Resource: win10v20210408 (windows10_x64)
  Signatures: 0
  Time: 0 seconds
General
  Target: 37727527fc7208610430018157d71971cee09e2ae2e848b7bc689219c12a000f.exe
  Size: 344KB
  MD5: 2795d495858af2f86ccb51e79db108d6
  SHA1: ff84cc722492771d63736b7483695335cc89e1f3
  SHA256: 37727527fc7208610430018157d71971cee09e2ae2e848b7bc689219c12a000f
  SHA512: 3364934397fc80a575f0817460eb3f8f2078f1a20b5edcfb554b1d32ce5eed5cff6af60cfb36eee324a98e3baa7d0894c523d64fb057c00c770f51a9903a447e
  Score: 3/10
Malware Config
  (none)

Signatures

Program crash (1 IoC)
  Processes:
    pid     pid_target  process       target process
    3576    580         WerFault.exe  37727527fc7208610430018157d71971cee09e2ae2e848b7bc689219c12a000f.exe

Suspicious behavior: EnumeratesProcesses (13 IoCs)
  Processes:
    pid     process
    3576    WerFault.exe   (13 identical entries)

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes:
    description                 pid     process
    Token: SeRestorePrivilege   3576    WerFault.exe
    Token: SeBackupPrivilege    3576    WerFault.exe
    Token: SeDebugPrivilege     3576    WerFault.exe
Processes
  [1] C:\Users\Admin\AppData\Local\Temp\37727527fc7208610430018157d71971cee09e2ae2e848b7bc689219c12a000f.exe
      command line: "C:\Users\Admin\AppData\Local\Temp\37727527fc7208610430018157d71971cee09e2ae2e848b7bc689219c12a000f.exe"
    [2] C:\Windows\SysWOW64\WerFault.exe (child of [1])
        command line: C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 500
        signatures:
          - Program crash
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of AdjustPrivilegeToken