b84f51a8448ff531ac11939b6ed24a854cb9a72926fce8f5bcf3e07781bf98f6 | Triage

Analysis

max time kernel
67s
max time network
95s
platform
windows10_x64
resource
win10
submitted
16-07-2020 18:48

Sharing

Report Analysis Logs

General

Target

ΠΡΟΣΑΡΤΗΜΑ ΕΓΚΡΙΣΗΣ ΠΛΗΡΩΜΗΣ.exe
Size

561KB
MD5

e185c970fb0e8f1557f0301f3ed162d3
SHA1

e9ae11dd4da0091bec975b7041bfc4d74ea90759
SHA256

b84f51a8448ff531ac11939b6ed24a854cb9a72926fce8f5bcf3e07781bf98f6
SHA512

5cae4767a0836e91e4b5b34283df2e372756d13ae692405a33ad4866e3a7f695ef832abaa438c3881201b5ff21af4c68909110d6385a36cb0e60f0001a07c745

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3784	3536	WerFault.exe	66

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3784	WerFault.exe
3784	WerFault.exe
3784	WerFault.exe
3784	WerFault.exe
3784	WerFault.exe
3784	WerFault.exe
3784	WerFault.exe
3784	WerFault.exe
3784	WerFault.exe
3784	WerFault.exe
3784	WerFault.exe
3784	WerFault.exe
3784	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	3784	WerFault.exe
Token: SeBackupPrivilege	3784	WerFault.exe
Token: SeDebugPrivilege	3784	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\ΠΡΟΣΑΡΤΗΜΑ ΕΓΚΡΙΣΗΣ ΠΛΗΡΩΜΗΣ.exe
"C:\Users\Admin\AppData\Local\Temp\ΠΡΟΣΑΡΤΗΜΑ ΕΓΚΡΙΣΗΣ ΠΛΗΡΩΜΗΣ.exe"
1⤵
PID:3536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 908
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3784-0-0x0000000004AE0000-0x0000000004AE1000-memory.dmp

Filesize
4KB

Download