Analysis
-
max time kernel
118s -
max time network
165s -
platform
windows7_x64 -
resource
win7-en-20210920 -
submitted
20-10-2021 12:00
Static task
static1
Behavioral task
behavioral1
Sample
104bfff4e7a7f04efd06e865cce96c4d.exe
Resource
win7-en-20210920
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
104bfff4e7a7f04efd06e865cce96c4d.exe
Resource
win10-en-20211014
windows10_x64
0 signatures
0 seconds
General
-
Target
104bfff4e7a7f04efd06e865cce96c4d.exe
-
Size
87KB
-
MD5
104bfff4e7a7f04efd06e865cce96c4d
-
SHA1
f05c8e92b0cc671aa27606347026383cfe179309
-
SHA256
6d22dfb53e173bdd14f24a6e08bd334596c89bd18519bfd5d9e1371991934ae9
-
SHA512
9be13b498850a8223119afa3d8e26b1e1cf15a4dc60a3130120944868c1ab531a7d274bd95caf98594fda249364f02cbc971355358bac1cb08c9423c0980cec4
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 272 2028 WerFault.exe 26 -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 272 WerFault.exe 272 WerFault.exe 272 WerFault.exe 272 WerFault.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 272 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 2028 104bfff4e7a7f04efd06e865cce96c4d.exe Token: SeDebugPrivilege 272 WerFault.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2028 wrote to memory of 272 2028 104bfff4e7a7f04efd06e865cce96c4d.exe 27 PID 2028 wrote to memory of 272 2028 104bfff4e7a7f04efd06e865cce96c4d.exe 27 PID 2028 wrote to memory of 272 2028 104bfff4e7a7f04efd06e865cce96c4d.exe 27 PID 2028 wrote to memory of 272 2028 104bfff4e7a7f04efd06e865cce96c4d.exe 27
Processes
-
C:\Users\Admin\AppData\Local\Temp\104bfff4e7a7f04efd06e865cce96c4d.exe"C:\Users\Admin\AppData\Local\Temp\104bfff4e7a7f04efd06e865cce96c4d.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2028 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 15362⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:272
-