8f700076c9355cc2a07b8dcc4136d1364e987eebc063fb2e2b94e9b06989dea5 | Triage

Analysis

max time kernel
147s
max time network
132s
platform
windows10_x64
resource
win10v200430
submitted
08/07/2020, 09:50

Sharing

Report Analysis Logs

General

Target

Szallitasi dokumentumok.bin.exe
Size

774KB
MD5

c909244a405f5617a206942769b327ba
SHA1

cdc5f8c5a87c76d51e6fffadbef2970e03349d70
SHA256

8f700076c9355cc2a07b8dcc4136d1364e987eebc063fb2e2b94e9b06989dea5
SHA512

f239b8ceecef90f5b29758399769cabca3d8a191f7bd4abf0ec66b81a5c58c5680d39a4b6cf27c9e9ceaabbf999c1d2060e0aead44ac81bed7050633aecb78e4

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
588	3692	WerFault.exe	65

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3692	Szallitasi dokumentumok.bin.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	3692	Szallitasi dokumentumok.bin.exe
Token: SeRestorePrivilege	588	WerFault.exe
Token: SeBackupPrivilege	588	WerFault.exe
Token: SeDebugPrivilege	588	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Szallitasi dokumentumok.bin.exe
"C:\Users\Admin\AppData\Local\Temp\Szallitasi dokumentumok.bin.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3692
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 940
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/588-0-0x0000000004A50000-0x0000000004A51000-memory.dmp

Filesize
4KB

Download