b46a76c6240983b927fa789dbfd5214bb513285da9205c52539736286346ddaf | Triage

Analysis

max time kernel
136s
max time network
102s
platform
windows10_x64
resource
win10v200430
submitted
10/07/2020, 09:18

Sharing

Report Analysis Logs

General

Target

Design Drawing.exe
Size

616KB
MD5

f5c5c0ac89d31ce5f74c54ec5788ea8e
SHA1

29c098ffdcbd86961dfdd8e733cf89ea0e8cfc03
SHA256

b46a76c6240983b927fa789dbfd5214bb513285da9205c52539736286346ddaf
SHA512

878fb77271eeddf5db88b41e9f10350d24691d71115523067ebb023b0b2ce76d57399b79378cfdee089ecd7e6fe58edc8c44f4799b8b3fb5285fc7dc201be517

Score

3^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2268	3944	WerFault.exe	65

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	2268	WerFault.exe
Token: SeBackupPrivilege	2268	WerFault.exe
Token: SeDebugPrivilege	2268	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Design Drawing.exe
"C:\Users\Admin\AppData\Local\Temp\Design Drawing.exe"
1⤵
PID:3944
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 896
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Program crash
  - Suspicious use of AdjustPrivilegeToken
  PID:2268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2268-0-0x0000000004130000-0x0000000004131000-memory.dmp

Filesize
4KB

Download
memory/2268-1-0x00000000046F0000-0x00000000046F1000-memory.dmp

Filesize
4KB

Download