Analysis
max time kernel: 62s
max time network: 122s
platform: windows10_x64
resource: win10-en-20211208
submitted: 23-01-2022 09:24
Behavioral task: behavioral1
Sample: 1.exe
Resource: win7-en-20211208
Platform: windows7_x64
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 1.exe
Resource: win10-en-20211208
Platform: windows10_x64
0 signatures
0 seconds
General
Target: 1.exe
Size: 184KB
MD5: f44612558b731b168cd0d71462fed53e
SHA1: 8113d350835eeb13ba52907fdd7e95c85eb4e34e
SHA256: ea6e111c255db8015bfd19ccb6806941c2fd03157b450887a7ea8ccc2580c47c
SHA512: 82277b5746aaa19722675dcabcefece89ba993d49a0faac961ab425d7094c1f24ab16a8fc3da110200482a11ab83036c20f70b65cfe97c82a311ae8354b6584e
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid     pid_target   process        target process
1952    2728         WerFault.exe   1.exe
Suspicious behavior: EnumeratesProcesses (12 IoCs)
Processes: WerFault.exe
pid     process
1952    WerFault.exe
1952    WerFault.exe
1952    WerFault.exe
1952    WerFault.exe
1952    WerFault.exe
1952    WerFault.exe
1952    WerFault.exe
1952    WerFault.exe
1952    WerFault.exe
1952    WerFault.exe
1952    WerFault.exe
1952    WerFault.exe
Suspicious use of AdjustPrivilegeToken (3 IoCs)
Processes: WerFault.exe
description                  pid     process
Token: SeRestorePrivilege    1952    WerFault.exe
Token: SeBackupPrivilege     1952    WerFault.exe
Token: SeDebugPrivilege      1952    WerFault.exe