Analysis
- max time kernel: 122s
- max time network: 131s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 28-01-2022 17:23
- Static task: static1
- Behavioral task: behavioral1
- Sample: a26e215a307069487644e70164a0cd8d69b40b0c.exe
- Resource: win10-en-20211208 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: a26e215a307069487644e70164a0cd8d69b40b0c.exe
- Size: 157KB
- MD5: b6f6a416704bcf744096648bb11f829f
- SHA1: a26e215a307069487644e70164a0cd8d69b40b0c
- SHA256: 9a289ae036b2fdac5cf0873095a3578cedc5323d27a9995a9651a5388bcd76f9
- SHA512: ed26c1fe5bc0874a4ff7f57f25cc0b3e5cc39162002f53b401c510bdb8fd70c96978c95ae8d364f71af23a92eb40fa97219bd057c9741e529df234b897b871eb
- Score: 3/10
Malware Config

Signatures
- Program crash (1 IoC)
  Processes:
  pid   pid_target   process        target process
  660   2784         WerFault.exe   a26e215a307069487644e70164a0cd8d69b40b0c.exe
- Suspicious behavior: EnumeratesProcesses (11 IoCs)
  Processes:
  pid   process
  660   WerFault.exe   (the same entry is listed 11 times, one per IoC)
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes:
  description                  pid   process
  Token: SeRestorePrivilege    660   WerFault.exe
  Token: SeBackupPrivilege     660   WerFault.exe
  Token: SeDebugPrivilege      660   WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\a26e215a307069487644e70164a0cd8d69b40b0c.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a26e215a307069487644e70164a0cd8d69b40b0c.exe"
  Tree level: 1
  PID: 2784
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 232
    Tree level: 2 (child of PID 2784)
    Signatures: Program crash; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
    PID: 660