Analysis
max time kernel: 65s
max time network: 116s
platform: windows10_x64
resource: win10
submitted: 17-07-2020 13:26
Static task: static1

Behavioral task: behavioral1
  Sample: Catalog.exe
  Resource: win7v200430 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: Catalog.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General
Target: Catalog.exe
Size: 820KB
MD5: f1e269fe03f616dc0c24ccaaa0fc3f28
SHA1: d0313e2711dc6843d46aabc6339f7f30d1707e61
SHA256: 2d7ff4d0c4d8b37b1595f85868806d43b5abddf83c1c36723c7d3b48b884d06b
SHA512: 0bfa686b3fc670ec5711f57f10987f419d51d97acccf75c0c9dbc0e6656fd90fa1be82e895822333b78b539a7a20ad440939c7379edf9faf68bd07dfa371f025
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  3804  3588        WerFault.exe  66

Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid   Process
  3804  WerFault.exe  (13 occurrences)

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                pid   Process
  Token: SeRestorePrivilege  3804  WerFault.exe
  Token: SeBackupPrivilege   3804  WerFault.exe
  Token: SeDebugPrivilege    3804  WerFault.exe
Processes
Network
Remote address: 13.107.4.52:80
Request
GET /connecttest.txt HTTP/1.1
Connection: Keep-Alive
Host: www.msftconnecttest.com
Response
HTTP/1.1 200 OK
Content-Length: 22
Content-Type: text/plain; charset=utf-8
Last-Modified: Mon, 13 Jul 2020 23:48:21 GMT
Accept-Ranges: bytes
ETag: 0x8D343F9E96C9DAC
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-MSEdge-Ref
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-MSEdge-Ref: Ref A: CC7D3BE144BC4BD7B757B4B833E3C0C2 Ref B: AMSEDGE1121 Ref C: 2020-07-17T13:27:36Z
Date: Fri, 17 Jul 2020 13:27:35 GMT

Remote address: 13.107.4.52:80
Request
GET /connecttest.txt HTTP/1.1
Connection: Keep-Alive
Host: www.msftconnecttest.com
Response
HTTP/1.1 200 OK
Content-Length: 22
Content-Type: text/plain; charset=utf-8
Last-Modified: Mon, 13 Jul 2020 23:48:21 GMT
Accept-Ranges: bytes
ETag: 0x8D343F9E96C9DAC
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-MSEdge-Ref
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-MSEdge-Ref: Ref A: 3B018AF55CDE4E23BAAE1927B65248DB Ref B: AMSEDGE1121 Ref C: 2020-07-17T13:27:36Z
Date: Fri, 17 Jul 2020 13:27:35 GMT

Remote address: 13.107.4.52:80
Request
GET /connecttest.txt HTTP/1.1
Connection: Keep-Alive
Host: www.msftconnecttest.com
Response
HTTP/1.1 200 OK
Content-Length: 22
Content-Type: text/plain; charset=utf-8
Last-Modified: Mon, 13 Jul 2020 23:48:21 GMT
Accept-Ranges: bytes
ETag: 0x8D343F9E96C9DAC
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-MSEdge-Ref
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-MSEdge-Ref: Ref A: F6BD2FA8BC874210B53073622BD8A557 Ref B: AMSEDGE1121 Ref C: 2020-07-17T13:27:36Z
Date: Fri, 17 Jul 2020 13:27:35 GMT

Remote address: 13.107.4.52:80
Request
GET /connecttest.txt HTTP/1.1
Connection: Keep-Alive
Host: www.msftconnecttest.com
Response
HTTP/1.1 200 OK
Content-Length: 22
Content-Type: text/plain; charset=utf-8
Last-Modified: Mon, 13 Jul 2020 23:48:21 GMT
Accept-Ranges: bytes
ETag: 0x8D343F9E96C9DAC
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-MSEdge-Ref
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-MSEdge-Ref: Ref A: 85CD127200C441EEA23B8C888F43608C Ref B: AMSEDGE1121 Ref C: 2020-07-17T13:27:36Z
Date: Fri, 17 Jul 2020 13:27:35 GMT

794 B 2.4kB 10 11
HTTP Request: GET http://www.msftconnecttest.com/connecttest.txt
HTTP Response: 200
HTTP Request: GET http://www.msftconnecttest.com/connecttest.txt
HTTP Response: 200
HTTP Request: GET http://www.msftconnecttest.com/connecttest.txt
HTTP Response: 200
HTTP Request: GET http://www.msftconnecttest.com/connecttest.txt
HTTP Response: 200