6c66a530ffba5d13f757de65d3fe08968aad8df9b1f03f6876f631d0dd28f10e | Triage

Analysis

max time kernel
123s
max time network
146s
platform
windows10_x64
resource
win10v200430
submitted
10-07-2020 12:11

Sharing

Report Analysis Logs

General

Target

SecuriteInfo.com.Variant.Ulise.108894.12225.10849.exe
Size

2.2MB
MD5

5a68b66d118f10560485e42ff141487c
SHA1

8e0ea69493ca842fb2d3fa3e2ef9be1ea2467e4b
SHA256

6c66a530ffba5d13f757de65d3fe08968aad8df9b1f03f6876f631d0dd28f10e
SHA512

256cda6900929c32cabe0436aa15db8e3eb79c8c12eff8049845f6f854ae3a49c407909c463cce125a74a5c8a6eedd7b88c3ff56cef7e6846c5d5ef048139992

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1344	2536	WerFault.exe	67

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	1344	WerFault.exe
Token: SeBackupPrivilege	1344	WerFault.exe
Token: SeDebugPrivilege	1344	WerFault.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Ulise.108894.12225.10849.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Ulise.108894.12225.10849.exe"
1⤵
PID:2536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 232
  2⤵
  - Program crash
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  PID:1344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1344-0-0x00000000049C0000-0x00000000049C1000-memory.dmp

Filesize
4KB

Download
memory/1344-1-0x00000000049C0000-0x00000000049C1000-memory.dmp

Filesize
4KB

Download
memory/1344-4-0x0000000004DF0000-0x0000000004DF1000-memory.dmp

Filesize
4KB

Download