0638b1723d45eb9fbbf4db0428aeb59b08da4082779c361ae881445ef35bb6d4 | Triage

Analysis

max time kernel
73s
max time network
110s
platform
windows10_x64
resource
win10
submitted
10-07-2020 17:44

Sharing

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe
Size

288KB
MD5

9d4c81c16699da96cacc73cabaaf9fb4
SHA1

10ff1580fb137006d2e396ee9432ff4a84b409b7
SHA256

0638b1723d45eb9fbbf4db0428aeb59b08da4082779c361ae881445ef35bb6d4
SHA512

9ce9fecf3921ba70e9e0a92400439d842073d1cc5f52e16f06a4c4259622ea42d4314b8700edd7e24a6b34276e29b93eb7100f5a0a6f774048c96a1bdf23b0c0

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3820 2976 WerFault.exe SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

WerFault.exe

description pid process

Token: SeRestorePrivilege 3820 WerFault.exe
Token: SeBackupPrivilege 3820 WerFault.exe
Token: SeDebugPrivilege 3820 WerFault.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

WerFault.exe

pid	process
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe"
1⤵
PID:2976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 1152
2⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:3820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3820-0-0x0000000004D10000-0x0000000004D11000-memory.dmp

Filesize
4KB

Download
memory/3820-2-0x00000000056E0000-0x00000000056E1000-memory.dmp

Filesize
4KB

Download