Analysis
- max time kernel: 100s
- max time network: 102s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 28-09-2021 10:47
Static task: static1
Behavioral task: behavioral1
- Sample: Quotation.jar
- Resource: win7-en-20210920 (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: Quotation.jar
- Resource: win10v20210408 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: Quotation.jar
- Size: 184KB
- MD5: 8eab8f1a928fa55303b7558536079a2a
- SHA1: 491e913225a8c8d144c538fe27cf62f5a8465b38
- SHA256: 20351665df8b2d441524a21163e0aa95ea3d3805a873032eb6f55fa1001f3941
- SHA512: 886928d68f14c012186872429739d1317350f329e5afa4ec820779e7f312d776433e8926000f522a3393e2ad454779eee1245ba266226bd0c8421f1fb97ba4a0
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid: 1160; pid_target: 804; process: WerFault.exe; target process: java.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes: WerFault.exe
  pid: 1160; process: WerFault.exe (listed 14 times)
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: WerFault.exe
  description: Token: SeDebugPrivilege; pid: 1160; process: WerFault.exe
Processes
- C:\ProgramData\Oracle\Java\javapath\java.exe
  java -jar C:\Users\Admin\AppData\Local\Temp\Quotation.jar
  - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 804 -s 376
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken