7b8f2be19853cd2012b78f6fc89301cec921cf95b14a1aa69ebbc9bdb74e0d28 | Triage

Analysis

max time kernel
147s
max time network
111s
platform
windows10_x64
resource
win10v200430
submitted
18-07-2020 00:10

Sharing

Report Analysis Logs

General

Target

7b8f2be19853cd2012b78f6fc89301cec921cf95b14a1aa69ebbc9bdb74e0d28.exe
Size

682KB
MD5

c3e16f313fe5ffd21ffb677ea325721d
SHA1

e2547f4aa78c2a9e486bfdb12f7f203cdc9b41b0
SHA256

7b8f2be19853cd2012b78f6fc89301cec921cf95b14a1aa69ebbc9bdb74e0d28
SHA512

f4daa235b66c4a7a24804c7339f4f2fca35b589489e80dca07507d3f53da44d70693096da7f43cbfbf8458cc69e066f22efd8a86eb826e0ae70441171192a653

Score

3^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	2224	WerFault.exe
Token: SeBackupPrivilege	2224	WerFault.exe
Token: SeDebugPrivilege	2224	WerFault.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2224	3768	WerFault.exe	65

C:\Users\Admin\AppData\Local\Temp\7b8f2be19853cd2012b78f6fc89301cec921cf95b14a1aa69ebbc9bdb74e0d28.exe
"C:\Users\Admin\AppData\Local\Temp\7b8f2be19853cd2012b78f6fc89301cec921cf95b14a1aa69ebbc9bdb74e0d28.exe"
1⤵
PID:3768
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 1152
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  - Program crash
  PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2224-0-0x0000000004C90000-0x0000000004C91000-memory.dmp

Filesize
4KB

Download
memory/2224-1-0x00000000053D0000-0x00000000053D1000-memory.dmp

Filesize
4KB

Download