Analysis

  • max time kernel
    65s
  • max time network
    116s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    17-07-2020 13:26

General

  • Target

    Catalog.exe

  • Size

    820KB

  • MD5

    f1e269fe03f616dc0c24ccaaa0fc3f28

  • SHA1

    d0313e2711dc6843d46aabc6339f7f30d1707e61

  • SHA256

    2d7ff4d0c4d8b37b1595f85868806d43b5abddf83c1c36723c7d3b48b884d06b

  • SHA512

    0bfa686b3fc670ec5711f57f10987f419d51d97acccf75c0c9dbc0e6656fd90fa1be82e895822333b78b539a7a20ad440939c7379edf9faf68bd07dfa371f025

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Catalog.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Catalog.exe"
    Depth: 1
    PID: 3588
      • C:\Windows\SysWOW64\WerFault.exe (child process)
        Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 1156
        Depth: 2
        PID: 3804
        Signatures: Program crash; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken

    Network

    • GET http://www.msftconnecttest.com/connecttest.txt (process: WerFault.exe)
      Remote address: 13.107.4.52:80
      Request:
      GET /connecttest.txt HTTP/1.1
      Connection: Keep-Alive
      Host: www.msftconnecttest.com
      Response:
      HTTP/1.1 200 OK
      Cache-Control: no-store
      Content-Length: 22
      Content-Type: text/plain; charset=utf-8
      Last-Modified: Mon, 13 Jul 2020 23:48:21 GMT
      Accept-Ranges: bytes
      ETag: 0x8D343F9E96C9DAC
      Access-Control-Allow-Origin: *
      Access-Control-Expose-Headers: X-MSEdge-Ref
      Timing-Allow-Origin: *
      X-Content-Type-Options: nosniff
      X-MSEdge-Ref: Ref A: CC7D3BE144BC4BD7B757B4B833E3C0C2 Ref B: AMSEDGE1121 Ref C: 2020-07-17T13:27:36Z
      Date: Fri, 17 Jul 2020 13:27:35 GMT
    • Flow: 13.107.4.52:80
      URL: http://www.msftconnecttest.com/connecttest.txt
      Protocol: http
      Process: WerFault.exe
      Bytes: 794 B / 2.4kB
      Packets: 10 / 11
      Requests: 4 x GET http://www.msftconnecttest.com/connecttest.txt, each answered with HTTP 200

    Downloads

    • memory/3804-0-0x0000000004D20000-0x0000000004D21000-memory.dmp

      Filesize

      4KB

    • memory/3804-1-0x0000000005360000-0x0000000005361000-memory.dmp

      Filesize

      4KB
