b4cadce114cd67f9c8e852b20be0ab7cb1e60372c59db88042d0cc853f71272b | Triage

Analysis

max time kernel
133s
max time network
147s
platform
windows10_x64
resource
win10
submitted
09-07-2020 12:34

Sharing

Report Analysis Logs

General

Target

b4cadce114cd67f9c8e852b20be0ab7cb1e60372c59db88042d0cc853f71272b.exe
Size

5KB
MD5

3df04716db7e3ec08648ebdf090ca36e
SHA1

ab0c6268c61d9f36996ba7653b3a3e1ede2aee51
SHA256

b4cadce114cd67f9c8e852b20be0ab7cb1e60372c59db88042d0cc853f71272b
SHA512

83c4f2c5aa5ddd512f80b96d523376074268ddcc3b8895c95391635edbca127a16a4ffc340ae4d7f658c862d7dd720ad185464c7796aa08fec699f78057fbfc7

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3788	3588	WerFault.exe	66

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	3788	WerFault.exe
Token: SeBackupPrivilege	3788	WerFault.exe
Token: SeDebugPrivilege	3788	WerFault.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3788	WerFault.exe
3788	WerFault.exe
3788	WerFault.exe
3788	WerFault.exe
3788	WerFault.exe
3788	WerFault.exe
3788	WerFault.exe
3788	WerFault.exe
3788	WerFault.exe
3788	WerFault.exe
3788	WerFault.exe
3788	WerFault.exe
3788	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\b4cadce114cd67f9c8e852b20be0ab7cb1e60372c59db88042d0cc853f71272b.exe
"C:\Users\Admin\AppData\Local\Temp\b4cadce114cd67f9c8e852b20be0ab7cb1e60372c59db88042d0cc853f71272b.exe"
1⤵
PID:3588
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 1092
  2⤵
  - Program crash
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  PID:3788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3788-0-0x0000000004EA0000-0x0000000004EA1000-memory.dmp

Filesize
4KB

Download
memory/3788-1-0x00000000054E0000-0x00000000054E1000-memory.dmp

Filesize
4KB

Download