b2bf5cc24050b609b045aaa7645d9e336147eee99360ec3865cafba0ed671737 | Triage

Analysis

max time kernel
73s
max time network
126s
platform
windows10_x64
resource
win10
submitted
09-07-2020 13:45

Sharing

Report Analysis Logs

General

Target

0319dc03d20abc2a5c7d454d790180fa124c8683b2518863c4ff71294d2a5128~.exe
Size

5KB
MD5

bcaf5027213627916544e5c456b9fd9a
SHA1

c8098798fa629b3f2725198c8c7199f7e5fa6b29
SHA256

b2bf5cc24050b609b045aaa7645d9e336147eee99360ec3865cafba0ed671737
SHA512

ce7681fbc3618b1649eb4b9e0db15c54ca20fa870493359ddda3b188c3411420d15b67ae4a8af6a92edbbfcb5a11f47bacd82803dad3170ca0102b9069f46391

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3936	3788	WerFault.exe	66

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3936	WerFault.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3936	WerFault.exe
3936	WerFault.exe
3936	WerFault.exe
3936	WerFault.exe
3936	WerFault.exe
3936	WerFault.exe
3936	WerFault.exe
3936	WerFault.exe
3936	WerFault.exe
3936	WerFault.exe
3936	WerFault.exe
3936	WerFault.exe
3936	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\0319dc03d20abc2a5c7d454d790180fa124c8683b2518863c4ff71294d2a5128~.exe
"C:\Users\Admin\AppData\Local\Temp\0319dc03d20abc2a5c7d454d790180fa124c8683b2518863c4ff71294d2a5128~.exe"
1⤵
PID:3788
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3788 -s 988
  2⤵
  - Program crash
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  PID:3936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3936-0-0x0000017E55140000-0x0000017E55141000-memory.dmp

Filesize
4KB

Download
memory/3936-1-0x0000017E55E80000-0x0000017E55E81000-memory.dmp

Filesize
4KB

Download
memory/3936-2-0x0000017E55E80000-0x0000017E55E81000-memory.dmp

Filesize
4KB

Download