Overview

overview

7

Static

static

1beab04f6c...7c.exe

windows7_x64

7

1beab04f6c...7c.exe

windows10_x64

3

Analysis

  • max time kernel
    77s
  • max time network
    139s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    06-11-2020 10:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1beab04f6ca5f34a6c0f6515b24ce4eaa0d354f81887094a1c8ff4a4c6ddf17c.exe

  • Size

    708KB

  • MD5

    f139bcd08ad8da406f7dd25411d1c9b3

  • SHA1

    2987c25602af9f636511d90dde0ecb637fc1c5e6

  • SHA256

    1beab04f6ca5f34a6c0f6515b24ce4eaa0d354f81887094a1c8ff4a4c6ddf17c

  • SHA512

    cbf2f9d40919648ba395e79320feb13eca3a61fe28da570f64f562dbd959fd87c90459458239a36bff9b913ddc1c0f1ea7f32627b6aae19448b85173c3d088f6

Score
3/10

Malware Config

Signatures

  • Program crash 13 IoCs
  • Suspicious behavior: EnumeratesProcesses 188 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1beab04f6ca5f34a6c0f6515b24ce4eaa0d354f81887094a1c8ff4a4c6ddf17c.exe
    "C:\Users\Admin\AppData\Local\Temp\1beab04f6ca5f34a6c0f6515b24ce4eaa0d354f81887094a1c8ff4a4c6ddf17c.exe"
    1⤵
      PID:656
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 772
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3196
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 916
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3716
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 1048
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2916
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 1116
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:212
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 1068
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2336
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 1136
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:3044
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 1232
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:1324
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 1428
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:2072
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 1604
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:3836
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 1636
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:3956
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 1416
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:4024
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 1624
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:1128
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 1632
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:1168

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/212-14-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/212-17-0x00000000054A0000-0x00000000054A1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/656-1-0x0000000004350000-0x0000000004351000-memory.dmp
      Filesize

      4KB

      Download
    • memory/656-0-0x00000000024D6000-0x00000000024D7000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1128-118-0x00000000045A0000-0x00000000045A1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1128-121-0x0000000004DD0000-0x0000000004DD1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1168-122-0x0000000004730000-0x0000000004731000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1168-126-0x0000000004E60000-0x0000000004E61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1324-29-0x00000000055C0000-0x00000000055C1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1324-26-0x0000000004D90000-0x0000000004D91000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2072-35-0x0000000004990000-0x0000000004991000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2072-30-0x00000000045A0000-0x00000000045A1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2336-21-0x0000000005730000-0x0000000005731000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2336-18-0x0000000005000000-0x0000000005001000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2916-13-0x0000000004E60000-0x0000000004E61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2916-10-0x0000000004730000-0x0000000004731000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3044-22-0x0000000004E20000-0x0000000004E21000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3044-25-0x0000000005450000-0x0000000005451000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3196-5-0x00000000055F0000-0x00000000055F1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3196-3-0x0000000004EC0000-0x0000000004EC1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3196-2-0x0000000004EC0000-0x0000000004EC1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3716-9-0x0000000004AD0000-0x0000000004AD1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3716-6-0x00000000045A0000-0x00000000045A1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3836-36-0x00000000045A0000-0x00000000045A1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3836-39-0x0000000004ED0000-0x0000000004ED1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3956-43-0x0000000004E60000-0x0000000004E61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3956-55-0x0000000004E60000-0x0000000004E61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3956-48-0x0000000004E60000-0x0000000004E61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3956-49-0x0000000004E60000-0x0000000004E61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3956-50-0x0000000004E60000-0x0000000004E61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3956-51-0x0000000004E60000-0x0000000004E61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3956-52-0x0000000004E60000-0x0000000004E61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3956-53-0x0000000004E60000-0x0000000004E61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3956-54-0x0000000004E60000-0x0000000004E61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3956-47-0x0000000004E60000-0x0000000004E61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3956-56-0x0000000004E60000-0x0000000004E61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3956-57-0x0000000004E60000-0x0000000004E61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3956-58-0x0000000004E60000-0x0000000004E61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3956-40-0x0000000004730000-0x0000000004731000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3956-45-0x0000000004E60000-0x0000000004E61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3956-46-0x0000000004E60000-0x0000000004E61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3956-44-0x0000000004E60000-0x0000000004E61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4024-117-0x0000000005730000-0x0000000005731000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4024-114-0x0000000004F00000-0x0000000004F01000-memory.dmp
      Filesize

      4KB

      Download