Analysis
max time kernel: 119s
max time network: 146s
platform: windows10_x64
resource: win10-en-20211208
submitted: 24-01-2022 00:54
Static task: static1

Behavioral task: behavioral1
Sample: db178a4101dfd5a6cee4518632c8d855270f9b3e83c04d7c75e4d97d378cf842.exe
Resource: win7-en-20211208 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: db178a4101dfd5a6cee4518632c8d855270f9b3e83c04d7c75e4d97d378cf842.exe
Resource: win10-en-20211208 (windows10_x64)
0 signatures, 0 seconds
General
Target: db178a4101dfd5a6cee4518632c8d855270f9b3e83c04d7c75e4d97d378cf842.exe
Size: 321KB
MD5: 3155e5c1630e44a2b5db0f5017e27fea
SHA1: b5ddd9b21e0dc0f865e29f6e429a5f7e6ece038c
SHA256: db178a4101dfd5a6cee4518632c8d855270f9b3e83c04d7c75e4d97d378cf842
SHA512: 22c76c7987fa85b28d962a31a1462d1c948f6f723b1f7c8dab22bc778717ff704f2143f3c3eb8f62a85c50aeeba4e2e895846e427789f9fac710483fed5fd5de
Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
Processes:
pid   pid_target   process        target process
816   2760         WerFault.exe   db178a4101dfd5a6cee4518632c8d855270f9b3e83c04d7c75e4d97d378cf842.exe

Suspicious behavior: EnumeratesProcesses (12 IoCs)
Processes:
pid   process
816   WerFault.exe   (listed 12 times)

Suspicious use of AdjustPrivilegeToken (3 IoCs)
Processes:
description                 pid   process
Token: SeRestorePrivilege   816   WerFault.exe
Token: SeBackupPrivilege    816   WerFault.exe
Token: SeDebugPrivilege     816   WerFault.exe
Processes

C:\Users\Admin\AppData\Local\Temp\db178a4101dfd5a6cee4518632c8d855270f9b3e83c04d7c75e4d97d378cf842.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\db178a4101dfd5a6cee4518632c8d855270f9b3e83c04d7c75e4d97d378cf842.exe"
  PID: 2760

  C:\Windows\SysWOW64\WerFault.exe
    command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 220
    PID: 816
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken