a440dca4a1559d04426c05899989e611bd77d55b3fe00713b70e1b4968c8f61b | Triage

Analysis

max time kernel
135s
max time network
100s
platform
windows10_x64
resource
win10v200430
submitted
30-06-2020 05:57

Sharing

Report Analysis Logs

General

Target

Bank Reciept.exe
Size

209KB
MD5

0207edc8cf65c2e87d4ce3e72cf4ad1f
SHA1

4ddda3e0700098a0dd64c44f78a5e2166b47d395
SHA256

a440dca4a1559d04426c05899989e611bd77d55b3fe00713b70e1b4968c8f61b
SHA512

a58c79ab3781cc4f2e12a563eb3243fe42ee28ad0838af25a41a50308e8dc246192a8471dc7b1edc8af8d48dd8864daa8531c59d8cdccba9f78c1532df838c79

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2184 1516 WerFault.exe Bank Reciept.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

WerFault.exe

description pid process

Token: SeRestorePrivilege 2184 WerFault.exe
Token: SeBackupPrivilege 2184 WerFault.exe
Token: SeDebugPrivilege 2184 WerFault.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

WerFault.exe

pid	process
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Bank Reciept.exe
"C:\Users\Admin\AppData\Local\Temp\Bank Reciept.exe"
1⤵
PID:1516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 900
2⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:2184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2184-0-0x0000000004950000-0x0000000004951000-memory.dmp

Filesize
4KB

Download
memory/2184-1-0x00000000051B0000-0x00000000051B1000-memory.dmp

Filesize
4KB

Download