e3fc20c3720e3822c54c48f53cffb77b3a21769eb9c03c63fe7fb032d7181bfa | Triage

Analysis

max time kernel
123s
max time network
125s
platform
windows10_x64
resource
win10
submitted
12-07-2020 08:03

Sharing

Report Analysis Logs

General

Target

po30 URGENT QUOTE NEEDED FOR 9th JULY 2020.exe
Size

646KB
MD5

4cb1b5c688395f40d9eb8e8f2ad6c1fb
SHA1

718051b56921d6a85024afb8357e6b06e38356e8
SHA256

e3fc20c3720e3822c54c48f53cffb77b3a21769eb9c03c63fe7fb032d7181bfa
SHA512

bbe1a416cee69d17c376aff7b5379cba92a0c9d077a026704a121993af7540491869ab37f88a90e90947a6fde8221c67a5f5703ffc4319190eeab814ad764b8b

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3872	720	WerFault.exe	66

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	3872	WerFault.exe
Token: SeBackupPrivilege	3872	WerFault.exe
Token: SeDebugPrivilege	3872	WerFault.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3872	WerFault.exe
3872	WerFault.exe
3872	WerFault.exe
3872	WerFault.exe
3872	WerFault.exe
3872	WerFault.exe
3872	WerFault.exe
3872	WerFault.exe
3872	WerFault.exe
3872	WerFault.exe
3872	WerFault.exe
3872	WerFault.exe
3872	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\po30 URGENT QUOTE NEEDED FOR 9th JULY 2020.exe
"C:\Users\Admin\AppData\Local\Temp\po30 URGENT QUOTE NEEDED FOR 9th JULY 2020.exe"
1⤵
PID:720
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 720 -s 1136
  2⤵
  - Program crash
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  PID:3872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3872-0-0x0000000004E00000-0x0000000004E01000-memory.dmp

Filesize
4KB

Download
memory/3872-1-0x0000000005540000-0x0000000005541000-memory.dmp

Filesize
4KB

Download