Analysis
max time kernel: 117s
max time network: 152s
platform: windows10_x64
resource: win10-en-20210920
submitted: 05-10-2021 12:35
Static task
static1
Behavioral task
behavioral1
Sample
daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720.exe
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720.exe
Resource
win10-en-20210920
windows10_x64
0 signatures
0 seconds
General
Target
daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720.exe
Size
67KB
MD5
e6b0276bc3f541d8ff1ebb1b59c8bd29
SHA1
295de44a0adbef57c51458978ccd71437aff0bf1
SHA256
daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720
SHA512
cdc851b9a7dc396384cbd69353f4e594cb3ac80679abfaa9ebf7bf849bca1b2e2c233c9634239e4aaa4e7f02a2af096733bef1b760ae0e6d660918217cecdcee
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
pid: 2388, pid_target: 1720, Process: WerFault.exe, procid_target: 69
Suspicious behavior: EnumeratesProcesses 14 IoCs
pid: 2388, Process: WerFault.exe (listed 14 times)
Suspicious use of AdjustPrivilegeToken 3 IoCs
Token: SeRestorePrivilege, pid: 2388, Process: WerFault.exe
Token: SeBackupPrivilege, pid: 2388, Process: WerFault.exe
Token: SeDebugPrivilege, pid: 2388, Process: WerFault.exe
Processes
PID:1720 (level 1)
Image: C:\Users\Admin\AppData\Local\Temp\daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720.exe"
PID:2388 (level 2)
Image: C:\Windows\SysWOW64\WerFault.exe
Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 268
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken