Analysis
-
max time kernel
24s -
max time network
34s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
18-08-2021 21:21
Static task
static1
Behavioral task
behavioral1
Sample
7ec95111e00ce9c19ebf88e9683363390873451b00e0348bca4d80ef1e4b20ed.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
7ec95111e00ce9c19ebf88e9683363390873451b00e0348bca4d80ef1e4b20ed.exe
Resource
win11
Behavioral task
behavioral3
Sample
7ec95111e00ce9c19ebf88e9683363390873451b00e0348bca4d80ef1e4b20ed.exe
Resource
win10v20210408
General
-
Target
7ec95111e00ce9c19ebf88e9683363390873451b00e0348bca4d80ef1e4b20ed.exe
-
Size
22KB
-
MD5
c6b6ec00b64069d66c8d14d65f7cfd8f
-
SHA1
b90e6bf12728fa3b0984aabc32b39f1db082a1da
-
SHA256
7ec95111e00ce9c19ebf88e9683363390873451b00e0348bca4d80ef1e4b20ed
-
SHA512
c9d7c97c63806e87804c33530f48ba950542ba28421d354cb287c9bf027ff5a853b76200e87eadd3cde0469f4b8c93f8c4bc0e71f5e4aa1cdf33e05c0673254a
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 3760 1140 WerFault.exe 67 -
Suspicious behavior: EnumeratesProcesses 14 IoCs
pid Process 3760 WerFault.exe 3760 WerFault.exe 3760 WerFault.exe 3760 WerFault.exe 3760 WerFault.exe 3760 WerFault.exe 3760 WerFault.exe 3760 WerFault.exe 3760 WerFault.exe 3760 WerFault.exe 3760 WerFault.exe 3760 WerFault.exe 3760 WerFault.exe 3760 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 3760 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7ec95111e00ce9c19ebf88e9683363390873451b00e0348bca4d80ef1e4b20ed.exe"C:\Users\Admin\AppData\Local\Temp\7ec95111e00ce9c19ebf88e9683363390873451b00e0348bca4d80ef1e4b20ed.exe"1⤵PID:1140
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1140 -s 1522⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3760
-