69896bcd1041c6cc5a3caf6e1e4fd2be566bff0e0f3d3154a0e45ab00cb217f9 | Triage

Analysis

max time kernel
126s
max time network
149s
platform
windows10_x64
resource
win10v200430
submitted
09/07/2020, 13:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

69896bcd1041c6cc5a3caf6e1e4fd2be566bff0e0f3d3154a0e45ab00cb217f9.exe
Size

5KB
MD5

48fbe04ca3f226bdb936773d44c03944
SHA1

5357f048dcf993b9eba56484563158a3fdfaaffa
SHA256

69896bcd1041c6cc5a3caf6e1e4fd2be566bff0e0f3d3154a0e45ab00cb217f9
SHA512

403d409c8ffc3eb8d8a053e617fb638f13ffe05242c44a864bc2df7732f94c1835a1bf9a46ee39f0a8b90fb2a7440ea3d45d6bed0712220ef7f8dca8ce166169

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2836	1612	WerFault.exe	67

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2836	WerFault.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\69896bcd1041c6cc5a3caf6e1e4fd2be566bff0e0f3d3154a0e45ab00cb217f9.exe
"C:\Users\Admin\AppData\Local\Temp\69896bcd1041c6cc5a3caf6e1e4fd2be566bff0e0f3d3154a0e45ab00cb217f9.exe"
1⤵
PID:1612
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1612 -s 972
  2⤵
  - Program crash
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  PID:2836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2836-0-0x000001FF83810000-0x000001FF83811000-memory.dmp

Filesize
4KB

Download
memory/2836-1-0x000001FF84680000-0x000001FF84681000-memory.dmp

Filesize
4KB

Download
memory/2836-2-0x000001FF84680000-0x000001FF84681000-memory.dmp

Filesize
4KB

Download