77b7fa89c446b127b0c1d8ad0c5dc5fb57c8121dd3c40a67b77e5c0a35d75114 | Triage

Analysis

max time kernel
137s
max time network
139s
platform
windows10_x64
resource
win10v200430
submitted
16-06-2020 20:51

Sharing

Report Analysis Logs

General

Target

B3gkHhPlWv3DOsB.exe
Size

845KB
MD5

35a5963bfb1fa8b5e3851378959ac522
SHA1

b1c035b8221c06e14311eda738df7e28a6559514
SHA256

77b7fa89c446b127b0c1d8ad0c5dc5fb57c8121dd3c40a67b77e5c0a35d75114
SHA512

851bd78e047d34a27f532e808bbe6e27cc9b7e09a39bd26ed69b121f9b377a85a381e50f73d8b1775987d7582300b963cf7be119e9cb7334d490d21dacdddd80

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2748	1492	WerFault.exe	67

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	2748	WerFault.exe
Token: SeBackupPrivilege	2748	WerFault.exe
Token: SeDebugPrivilege	2748	WerFault.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\B3gkHhPlWv3DOsB.exe
"C:\Users\Admin\AppData\Local\Temp\B3gkHhPlWv3DOsB.exe"
1⤵
PID:1492
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 944
  2⤵
  - Program crash
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  PID:2748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2748-0-0x0000000004F70000-0x0000000004F71000-memory.dmp

Filesize
4KB

Download
memory/2748-1-0x00000000054B0000-0x00000000054B1000-memory.dmp

Filesize
4KB

Download