0638b1723d45eb9fbbf4db0428aeb59b08da4082779c361ae881445ef35bb6d4 | Triage

Analysis

max time kernel
73s
max time network
110s
platform
windows10_x64
resource
win10
submitted
10-07-2020 17:44

Sharing

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe
Size

288KB
MD5

9d4c81c16699da96cacc73cabaaf9fb4
SHA1

10ff1580fb137006d2e396ee9432ff4a84b409b7
SHA256

0638b1723d45eb9fbbf4db0428aeb59b08da4082779c361ae881445ef35bb6d4
SHA512

9ce9fecf3921ba70e9e0a92400439d842073d1cc5f52e16f06a4c4259622ea42d4314b8700edd7e24a6b34276e29b93eb7100f5a0a6f774048c96a1bdf23b0c0

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3820	2976	WerFault.exe	66

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	3820	WerFault.exe
Token: SeBackupPrivilege	3820	WerFault.exe
Token: SeDebugPrivilege	3820	WerFault.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe
3820	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe"
1⤵
PID:2976
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 1152
  2⤵
  - Program crash
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  PID:3820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3820-0-0x0000000004D10000-0x0000000004D11000-memory.dmp

Filesize
4KB

Download
memory/3820-2-0x00000000056E0000-0x00000000056E1000-memory.dmp

Filesize
4KB

Download