Analysis
-
max time kernel
122s -
max time network
124s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
20-12-2021 09:19
Behavioral task
behavioral1
Sample
tmp/b0ab6d300a941e64035a489f12d717bedbd631cdb60094aa40aee9e1bffb2b92.exe
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
tmp/b0ab6d300a941e64035a489f12d717bedbd631cdb60094aa40aee9e1bffb2b92.exe
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
-
Target
tmp/b0ab6d300a941e64035a489f12d717bedbd631cdb60094aa40aee9e1bffb2b92.exe
-
Size
235KB
-
MD5
44dbd40c248e103e86aeff57f2cb5579
-
SHA1
130124ad1fc46047d76165ee00a96842c97fbba0
-
SHA256
b0ab6d300a941e64035a489f12d717bedbd631cdb60094aa40aee9e1bffb2b92
-
SHA512
100bcff283a831f440d76593e7582d77e44f313b683738f9b0103bea54675292dbaee9849e363bd90dc12f52919f7b38d009e021de8698cbd7569cc6db8d865f
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 1212 1536 WerFault.exe b0ab6d300a941e64035a489f12d717bedbd631cdb60094aa40aee9e1bffb2b92.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
WerFault.exepid process 1212 WerFault.exe 1212 WerFault.exe 1212 WerFault.exe 1212 WerFault.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
WerFault.exepid process 1212 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
WerFault.exedescription pid process Token: SeDebugPrivilege 1212 WerFault.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
b0ab6d300a941e64035a489f12d717bedbd631cdb60094aa40aee9e1bffb2b92.exedescription pid process target process PID 1536 wrote to memory of 1212 1536 b0ab6d300a941e64035a489f12d717bedbd631cdb60094aa40aee9e1bffb2b92.exe WerFault.exe PID 1536 wrote to memory of 1212 1536 b0ab6d300a941e64035a489f12d717bedbd631cdb60094aa40aee9e1bffb2b92.exe WerFault.exe PID 1536 wrote to memory of 1212 1536 b0ab6d300a941e64035a489f12d717bedbd631cdb60094aa40aee9e1bffb2b92.exe WerFault.exe PID 1536 wrote to memory of 1212 1536 b0ab6d300a941e64035a489f12d717bedbd631cdb60094aa40aee9e1bffb2b92.exe WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\tmp\b0ab6d300a941e64035a489f12d717bedbd631cdb60094aa40aee9e1bffb2b92.exe"C:\Users\Admin\AppData\Local\Temp\tmp\b0ab6d300a941e64035a489f12d717bedbd631cdb60094aa40aee9e1bffb2b92.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 482⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken