Analysis
-
max time kernel
131s -
max time network
144s -
platform
windows7_x64 -
resource
win7 -
submitted
25-10-2020 19:01
General
-
Target
958bcd0dcb4a1fe6d5a35016b45f336e.exe
-
Size
859KB
-
MD5
958bcd0dcb4a1fe6d5a35016b45f336e
-
SHA1
870683671b188887bce2dd3ae2234ff7540000b0
-
SHA256
f52f1869bfde156b6c22b36561d473f58273ea5c49a7403db8670c5a59f696d8
-
SHA512
45bfd9ff786e69226f0568122de76f40a250e1419b8cf1ab0e23c171bba2dce8f9d6f79aa181f20474c5d068099ce93d7f23007395a56c599d1d7be4efb3c168
Score
6/10
Malware Config
Signatures
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\958bcd0dcb4a1fe6d5a35016b45f336e.exe"C:\Users\Admin\AppData\Local\Temp\958bcd0dcb4a1fe6d5a35016b45f336e.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1900 -s 17322⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1688-3-0x0000000000000000-mapping.dmp
-
memory/1688-4-0x0000000001D30000-0x0000000001D41000-memory.dmpFilesize
68KB
-
memory/1688-7-0x0000000002A90000-0x0000000002AA1000-memory.dmpFilesize
68KB
-
memory/1900-0-0x000007FEF63E0000-0x000007FEF6DCC000-memory.dmpFilesize
9.9MB
-
memory/1900-1-0x0000000001220000-0x0000000001221000-memory.dmpFilesize
4KB