Analysis
-
max time kernel
118s -
max time network
130s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
28-01-2022 18:57
Static task
static1
Behavioral task
behavioral1
Sample
add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb.exe
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb.exe
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
-
Target
add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb.exe
-
Size
137KB
-
MD5
d40a530582e67ed1e8f7fa46cd4049d6
-
SHA1
be823739d4107ba476b0474c3ec2b2ba9e27e974
-
SHA256
add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb
-
SHA512
11125b959af3918ce0f46e08325706ae6c9a380019b93fa548f102c3d0aa32dbb9a37f285f8754785dc067a24fc311f6454187c9fcb2d39439aadbf5854178a6
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 1916 980 WerFault.exe add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb.exe -
Suspicious behavior: EnumeratesProcesses 5 IoCs
Processes:
add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb.exeWerFault.exepid process 980 add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb.exe 1916 WerFault.exe 1916 WerFault.exe 1916 WerFault.exe 1916 WerFault.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
WerFault.exepid process 1916 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
WerFault.exedescription pid process Token: SeDebugPrivilege 1916 WerFault.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb.exedescription pid process target process PID 980 wrote to memory of 1916 980 add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb.exe WerFault.exe PID 980 wrote to memory of 1916 980 add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb.exe WerFault.exe PID 980 wrote to memory of 1916 980 add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb.exe WerFault.exe PID 980 wrote to memory of 1916 980 add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb.exe WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb.exe"C:\Users\Admin\AppData\Local\Temp\add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 1802⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken