a6e37f96da16a4f2be724e41fb5aa0ddcb75ba281b2dcf2077779592ab0ed5bb | Triage

Analysis

max time kernel
67s
max time network
89s
platform
windows10_x64
resource
win10
submitted
07/07/2020, 08:27

Sharing

Report Analysis Logs

General

Target

Facturas Pagadas al Vencimiento 2.bat.exe
Size

508KB
MD5

93873ad64ae56bcd5eb73cf3f5495c39
SHA1

af6f2ea498166aae38a363c87e9af905b19ccb59
SHA256

a6e37f96da16a4f2be724e41fb5aa0ddcb75ba281b2dcf2077779592ab0ed5bb
SHA512

21253a63dc8788a841effcecb445930e811974e26e01b4bb490905cc5e8066dd2f41307b6674a94788971337d615b3e05feebbfab0b5528b117e171425416d96

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3216	3536	WerFault.exe	66

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3216	WerFault.exe
3216	WerFault.exe
3216	WerFault.exe
3216	WerFault.exe
3216	WerFault.exe
3216	WerFault.exe
3216	WerFault.exe
3216	WerFault.exe
3216	WerFault.exe
3216	WerFault.exe
3216	WerFault.exe
3216	WerFault.exe
3216	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	3216	WerFault.exe
Token: SeBackupPrivilege	3216	WerFault.exe
Token: SeDebugPrivilege	3216	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Facturas Pagadas al Vencimiento 2.bat.exe
"C:\Users\Admin\AppData\Local\Temp\Facturas Pagadas al Vencimiento 2.bat.exe"
1⤵
PID:3536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 936
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3216-0-0x0000000004EE0000-0x0000000004EE1000-memory.dmp

Filesize
4KB

Download
memory/3216-1-0x0000000004EE0000-0x0000000004EE1000-memory.dmp

Filesize
4KB

Download