Overview

overview

10

Static

static

ATR1.exe

windows7_x64

10

ATR1.exe

windows10_x64

3

Analysis

  • max time kernel
    65s
  • max time network
    112s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    31-07-2020 10:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ATR1.exe

  • Size

    574KB

  • MD5

    020d56ce7d0a45a896c811550e05ce9d

  • SHA1

    814c8ddbc50e9e158e63bdd745d683dcb636c2a6

  • SHA256

    06078629129c4bc1abb214bbbe1bfadca65b618ac9f6f93fc3b22d0a37740f5b

  • SHA512

    ce565aafb7593d5aa8393a46d27823a90c26e923a15a77252e0be1dbae4845254aa83f35ea44c18964490a7769431aeecffb80052e1f1b5af4b44d8028122dff

Score
3/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ATR1.exe
    "C:\Users\Admin\AppData\Local\Temp\ATR1.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious behavior: EnumeratesProcesses
    PID:3888
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 1220
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious behavior: EnumeratesProcesses
      • Program crash
      PID:3828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3828-0-0x0000000004840000-0x0000000004841000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3828-1-0x0000000004F80000-0x0000000004F81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3828-2-0x0000000005380000-0x0000000005381000-memory.dmp
    Filesize

    4KB

    Download