Analysis
max time kernel
85s
max time network
88s
platform
windows10_x64
resource
win10v20210408
submitted
26-09-2021 16:25
Static task
static1
Behavioral task
behavioral1
Sample
cejetjwve.txt.jar
Resource
win7-en-20210920
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
cejetjwve.txt.jar
Resource
win10v20210408
0 signatures
0 seconds
General
Target
cejetjwve.txt.jar
Size
92KB
MD5
9f529d816bffd28587755104a62e7ffe
SHA1
2ced260d71011c450dab5145881fad5460d00edb
SHA256
7bd8097de078f21e7f97dc04fac6ed6a4d7bc042934e2ec179706838303efe2f
SHA512
ccb1437c4fc7465bfdd62e5a7556a13f2bbebafe73e6c545a0125fe0289e833928b6c9f61ce36102ea107a6054f6ac738fae81ac068555fc500f1df15ac6baab
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid   pid_target  process       target process
3972  532         WerFault.exe  java.exe
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
WerFault.exe
pid   process
3972  WerFault.exe  (same entry listed 13 times)
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
WerFault.exe
description              pid   process
Token: SeDebugPrivilege  3972  WerFault.exe
Processes
C:\ProgramData\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\cejetjwve.txt.jar
  C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 532 -s 376
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken