8e929337cda31bcbacba82cc34389646bde95f5738842c90a46d6c06fab26dfb | Triage

Analysis

max time kernel
135s
max time network
66s
platform
windows10_x64
resource
win10v200430
submitted
09/07/2020, 13:43

Sharing

Report Analysis Logs

General

Target

8e929337cda31bcbacba82cc34389646bde95f5738842c90a46d6c06fab26dfb.exe
Size

5KB
MD5

a4b786f0e8fbe5f42af3e29838b3c41e
SHA1

ea818cf3caf4589067a56769e6affb34903879ff
SHA256

8e929337cda31bcbacba82cc34389646bde95f5738842c90a46d6c06fab26dfb
SHA512

98c052dfc986f169e22fdc859610e712cd4276fff5d83664d2c9e26d63e46bc6afa6522bf8ddb64d73d441fb3379c720bfd6502507e2531fd5aa4144a7ead514

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2616	1516	WerFault.exe	65

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2616	WerFault.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\8e929337cda31bcbacba82cc34389646bde95f5738842c90a46d6c06fab26dfb.exe
"C:\Users\Admin\AppData\Local\Temp\8e929337cda31bcbacba82cc34389646bde95f5738842c90a46d6c06fab26dfb.exe"
1⤵
PID:1516
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1516 -s 952
  2⤵
  - Program crash
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  PID:2616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2616-0-0x000002E363F20000-0x000002E363F21000-memory.dmp

Filesize
4KB

Download
memory/2616-1-0x000002E364D90000-0x000002E364D91000-memory.dmp

Filesize
4KB

Download
memory/2616-2-0x000002E364D90000-0x000002E364D91000-memory.dmp

Filesize
4KB

Download