Analysis
-
max time kernel
126s -
max time network
124s -
platform
windows10_x64 -
resource
win10 -
submitted
19-07-2020 19:35
General
-
Target
kins_1.0.1.0.vir.exe
-
Size
264KB
-
MD5
0a685c37f75a6224a7aa74ac58568b2a
-
SHA1
bc3fca55b7f105466082499ab1b3bc7b268ba21d
-
SHA256
2175bd94c8f6b7a75f4058bb9b981c2dee39a34a51afe018ebecfbffa490656c
-
SHA512
34811a19c4aa3cb9871aaf34349f8b11d7938995484ff576ee4747a2e7808feced53ef3b9373e3fb5b259e31573a7eeeb55bf01ee0159fcc9e3890a6a2cfae8f
Score
3/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Program crash 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 28 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\kins_1.0.1.0.vir.exe"C:\Users\Admin\AppData\Local\Temp\kins_1.0.1.0.vir.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 5362⤵
- Suspicious use of AdjustPrivilegeToken
- Program crash
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 4962⤵
- Suspicious use of AdjustPrivilegeToken
- Program crash
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 2482⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3520-0-0x0000000004380000-0x0000000004381000-memory.dmpFilesize
4KB
-
memory/3932-2-0x0000000004380000-0x0000000004381000-memory.dmpFilesize
4KB
-
memory/3932-3-0x0000000004AB0000-0x0000000004AB1000-memory.dmpFilesize
4KB