6f9d5670d83775bcc5080ec114ba65270bc6b22e6e9af064305f16257b90d1a9 | Triage

Analysis

max time kernel
132s
max time network
132s
platform
windows10_x64
resource
win10
submitted
16-07-2020 08:20

Sharing

Report Analysis Logs

General

Target

Order 269_2020 00004 - 00000 - 47118971 21 pallet.exe
Size

576KB
MD5

bc1cb40fe8a3f3eb34cb46ba5564e7ae
SHA1

3bdd73bb406f7ae90b89ea5b8f9b76ef3afeb3b0
SHA256

6f9d5670d83775bcc5080ec114ba65270bc6b22e6e9af064305f16257b90d1a9
SHA512

d8db9ebb55f870d746d06fa9bc8e6509f7afab317cdc2035a8cc5bfc21d4ac52cfba0da23b70e53f1d63b169e386e3c7dd6c56234a2455099ff0e5a64a86c371

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3864	2460	WerFault.exe	66

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	3864	WerFault.exe
Token: SeBackupPrivilege	3864	WerFault.exe
Token: SeDebugPrivilege	3864	WerFault.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3864	WerFault.exe
3864	WerFault.exe
3864	WerFault.exe
3864	WerFault.exe
3864	WerFault.exe
3864	WerFault.exe
3864	WerFault.exe
3864	WerFault.exe
3864	WerFault.exe
3864	WerFault.exe
3864	WerFault.exe
3864	WerFault.exe
3864	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Order 269_2020 00004 - 00000 - 47118971 21 pallet.exe
"C:\Users\Admin\AppData\Local\Temp\Order 269_2020 00004 - 00000 - 47118971 21 pallet.exe"
1⤵
PID:2460
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 1164
  2⤵
  - Program crash
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  PID:3864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3864-0-0x0000000004600000-0x0000000004601000-memory.dmp

Filesize
4KB

Download
memory/3864-1-0x0000000004DC0000-0x0000000004DC1000-memory.dmp

Filesize
4KB

Download