Analysis
max time kernel
135s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags
arch:x64 arch:x86 image:win10v2004-20230221-en locale:en-us os:windows10-2004-x64 system
submitted
18-05-2023 13:37
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
03c3f979feffbf02e7ab9a66f9a1f7b4.exe
Resource
win7-20230220-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
03c3f979feffbf02e7ab9a66f9a1f7b4.exe
Resource
win10v2004-20230221-en
windows10-2004-x64
2 signatures
150 seconds
General
Target
03c3f979feffbf02e7ab9a66f9a1f7b4.exe
Size
12KB
MD5
03c3f979feffbf02e7ab9a66f9a1f7b4
SHA1
826e5038b32c3975821eb8641e484b575fdfa7e9
SHA256
f746b0a6d47ddc6b6a03d78a7dca6e61bbb32a35cdf89073cd245eb4662cfbfd
SHA512
14451960a5e111d44d58e0660a0d5f1dfcae74046fd595d6e8f758c0d01181141201af0813425e571f2296b9cab2ed314ac2a65d1ba139d4deaf6180b5e9a8ea
SSDEEP
192:wMJ0X7yZWu7s3+7DBPSVcWF28A6lJGNyQK+NAA5yQ03826p:wvLygTO7D4qWF28bJHQllm6
Score
3/10
Malware Config
Signatures
Program crash
1 IoCs
Processes:
WerFault.exe
pid     pid_target     process          target process
5004    4812           WerFault.exe     03c3f979feffbf02e7ab9a66f9a1f7b4.exe
Suspicious use of AdjustPrivilegeToken
1 IoCs
Processes:
03c3f979feffbf02e7ab9a66f9a1f7b4.exe
description                 pid     process
Token: SeDebugPrivilege     4812    03c3f979feffbf02e7ab9a66f9a1f7b4.exe
Processes
C:\Users\Admin\AppData\Local\Temp\03c3f979feffbf02e7ab9a66f9a1f7b4.exe
"C:\Users\Admin\AppData\Local\Temp\03c3f979feffbf02e7ab9a66f9a1f7b4.exe"
PID:4812
- Suspicious use of AdjustPrivilegeToken
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 1696
  PID:5004
  - Program crash
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4812 -ip 4812
PID:3980