Analysis

  • max time kernel
    289s
  • max time network
    289s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    13-07-2020 16:34

General

  • Target

    e2473526523180f460af4d8e164df9060c9f328cc7c0bae5846d51b28c12febe.exe

  • Size

    439KB

  • MD5

    4ef2d073c2bc1e3f2673155f0ecc6d25

  • SHA1

    72d3d907d7502c383ffc8239d255882838a5a6e4

  • SHA256

    e2473526523180f460af4d8e164df9060c9f328cc7c0bae5846d51b28c12febe

  • SHA512

    18313982e57ca70f02fd35c9a13cc97e8ef73ccdae90a319cd810ff2f063d3722c88e7e1cc3f86d20bbc2f4922ac90876f1c926713fcac576b1c1a5dc20eec38

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2473526523180f460af4d8e164df9060c9f328cc7c0bae5846d51b28c12febe.exe
    "C:\Users\Admin\AppData\Local\Temp\e2473526523180f460af4d8e164df9060c9f328cc7c0bae5846d51b28c12febe.exe"
    1⤵
      PID:3544
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 1148
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious behavior: EnumeratesProcesses
        PID:4012

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4012-0-0x00000000047D0000-0x00000000047D1000-memory.dmp

      Filesize

      4KB

    • memory/4012-1-0x0000000004F90000-0x0000000004F91000-memory.dmp

      Filesize

      4KB

    • memory/4012-2-0x0000000005390000-0x0000000005391000-memory.dmp

      Filesize

      4KB