Analysis
- max time kernel: 121s
- max time network: 123s
- platform: windows10_x64
- resource: win10-en-20211014
- submitted: 22-10-2021 11:05
Behavioral task: behavioral1
- Sample: 5a1c.exe
- Resource: win7-en-20210920 (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: 5a1c.exe
- Resource: win10-en-20211014 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: 5a1c.exe
- Size: 108KB
- MD5: 040917312e63d02ed23c69d85178b3e9
- SHA1: cbea11e1b28df2e6a11234f53c953da4e8902063
- SHA256: 5a1c40dee899e7427ea54f9208b2ef97d36c44967cb0bf3451150ee40deb7901
- SHA512: 686ba85b1483827edf16b6ac72c21b774b5fb347558c0de7d487701fd26adc9d862bac9e6ce6de85eea122463c7377ea62943a27044073e6e180a31099b30fea
- Score: 10/10
Malware Config
Signatures
- Suspicious use of NtCreateProcessExOtherParentProcess (1 IoC)
  Processes:
  description                | pid  | process      | target process
  PID 2888 created 2716      | 2888 | WerFault.exe | 5a1c.exe
- Program crash (1 IoC)
  Processes:
  pid  | pid_target | process      | target process
  2888 | 2716       | WerFault.exe | 5a1c.exe
- Suspicious behavior: EnumeratesProcesses (12 IoCs)
  Processes:
  pid  | process
  2888 | WerFault.exe
  2888 | WerFault.exe
  2888 | WerFault.exe
  2888 | WerFault.exe
  2888 | WerFault.exe
  2888 | WerFault.exe
  2888 | WerFault.exe
  2888 | WerFault.exe
  2888 | WerFault.exe
  2888 | WerFault.exe
  2888 | WerFault.exe
  2888 | WerFault.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
  description               | pid  | process
  Token: SeDebugPrivilege   | 2888 | WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\5a1c.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\5a1c.exe"
  PID: 2716
  - C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 2716 -s 1020
    PID: 2888
    Signatures:
    - Suspicious use of NtCreateProcessExOtherParentProcess
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken