96c9133f07d45f5b33402a782fc456f9eeef61a8111d6ec5ede8cb7d77ba9312 | Triage

Analysis

max time kernel
66s
max time network
83s
platform
windows10_x64
resource
win10
submitted
18-07-2020 08:04

Sharing

Report Analysis Logs

General

Target

PO 17072020 4356553.exe
Size

691KB
MD5

f75af85fecfba08c11665e2a6a8b77d7
SHA1

973ba0ad4191d54a534b720f032ad3161df531d4
SHA256

96c9133f07d45f5b33402a782fc456f9eeef61a8111d6ec5ede8cb7d77ba9312
SHA512

6e68d157ba78aa719477a14bc36648c58a7c5aa0570c8d779fc5d6b16ca2997d8790f2cedea8052b0da61cbe968f9f055eaebf1fe5298ae5cab80ddcb49b621e

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3212	3536	WerFault.exe	66

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3536	PO 17072020 4356553.exe
3212	WerFault.exe
3212	WerFault.exe
3212	WerFault.exe
3212	WerFault.exe
3212	WerFault.exe
3212	WerFault.exe
3212	WerFault.exe
3212	WerFault.exe
3212	WerFault.exe
3212	WerFault.exe
3212	WerFault.exe
3212	WerFault.exe
3212	WerFault.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	3536	PO 17072020 4356553.exe
Token: SeRestorePrivilege	3212	WerFault.exe
Token: SeBackupPrivilege	3212	WerFault.exe
Token: SeDebugPrivilege	3212	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\PO 17072020 4356553.exe
"C:\Users\Admin\AppData\Local\Temp\PO 17072020 4356553.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 1264
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3212-0-0x0000000004690000-0x0000000004691000-memory.dmp

Filesize
4KB

Download
memory/3212-2-0x0000000004E50000-0x0000000004E51000-memory.dmp

Filesize
4KB

Download
memory/3212-69-0x0000000005250000-0x0000000005251000-memory.dmp

Filesize
4KB

Download