Analysis
- max time kernel: 121s
- max time network: 150s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 28-01-2022 17:23
Static task: static1
Behavioral task: behavioral1
Sample: 674ad8128d17418474a2b4615da81c935d4d7f9c.exe
Resource: win10-en-20211208 (windows10_x64)
0 signatures
0 seconds
General
- Target: 674ad8128d17418474a2b4615da81c935d4d7f9c.exe
- Size: 160KB
- MD5: 9716372508103ef6a050c0de6685c3a1
- SHA1: 674ad8128d17418474a2b4615da81c935d4d7f9c
- SHA256: ae9600cb391f447933e29069ca3000bb61a005d58fe14eb84fd830403221e48f
- SHA512: 6738de8f90602772486519971669c96a180d11a523c2870b34e94d93e5c5171769c26459d93cf220b44a6924b01aff485e9e4f1dddc817cb758992575ab62aed
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes:
    pid   pid_target  process       target process
    1280  2504        WerFault.exe  674ad8128d17418474a2b4615da81c935d4d7f9c.exe
- Suspicious behavior: EnumeratesProcesses (12 IoCs)
  Processes:
    pid   process
    1280  WerFault.exe  (12 identical entries)
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes:
    description                pid   process
    Token: SeRestorePrivilege  1280  WerFault.exe
    Token: SeBackupPrivilege   1280  WerFault.exe
    Token: SeDebugPrivilege    1280  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\674ad8128d17418474a2b4615da81c935d4d7f9c.exe (PID 2504)
  Command line: "C:\Users\Admin\AppData\Local\Temp\674ad8128d17418474a2b4615da81c935d4d7f9c.exe"
  - C:\Windows\SysWOW64\WerFault.exe (PID 1280)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 232
    Signatures: Program crash; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken