Overview

overview

7

Static

static

edfc2a805e...67.exe

windows7_x64

7

edfc2a805e...67.exe

windows10_x64

3

Analysis

  • max time kernel
    75s
  • max time network
    134s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    08-11-2020 17:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    edfc2a805ef7444349062f269239aa07d9ee61134d7366d5f06ae48c694b1867.exe

  • Size

    690KB

  • MD5

    3bc13bb292e6aeca0d32630d048819a7

  • SHA1

    1d537a053489bff1a7a21cf1ff27836c8381e7b1

  • SHA256

    edfc2a805ef7444349062f269239aa07d9ee61134d7366d5f06ae48c694b1867

  • SHA512

    de487902d54eac715b02a270676e5c9fd40a0454a5069fff5b46903168d09319116432b4c777dd9d014f4e3b4ba2e5c64398700364a66bbb3b7a95a26badbb3a

Score
3/10

Malware Config

Signatures

  • Program crash 13 IoCs
  • Suspicious behavior: EnumeratesProcesses 188 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\edfc2a805ef7444349062f269239aa07d9ee61134d7366d5f06ae48c694b1867.exe
    "C:\Users\Admin\AppData\Local\Temp\edfc2a805ef7444349062f269239aa07d9ee61134d7366d5f06ae48c694b1867.exe"
    1⤵
      PID:1056
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 780
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:804
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 908
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:204
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 1076
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1972
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 1112
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2252
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 1052
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3324
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 1152
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:3320
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 1304
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:3980
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 1508
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:3868
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 1700
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:2704
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 1520
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:1368
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 1508
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:652
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 1536
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:740
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 1748
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:2732

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/204-6-0x0000000004DC0000-0x0000000004DC1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/204-9-0x00000000054F0000-0x00000000054F1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/652-116-0x0000000004AE0000-0x0000000004AE1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/652-119-0x0000000005310000-0x0000000005311000-memory.dmp
      Filesize

      4KB

      Download
    • memory/740-120-0x0000000004FB0000-0x0000000004FB1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/740-123-0x00000000058E0000-0x00000000058E1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/804-5-0x0000000005460000-0x0000000005461000-memory.dmp
      Filesize

      4KB

      Download
    • memory/804-3-0x0000000004C30000-0x0000000004C31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/804-2-0x0000000004C30000-0x0000000004C31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1056-0-0x0000000000FE6000-0x0000000000FE7000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1056-1-0x0000000002B20000-0x0000000002B21000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1368-114-0x0000000000780000-0x0000000000781000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1368-115-0x0000000004920000-0x0000000004921000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1972-10-0x00000000050E0000-0x00000000050E1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1972-13-0x0000000005710000-0x0000000005711000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2252-14-0x0000000004700000-0x0000000004701000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2252-19-0x0000000004800000-0x0000000004801000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2704-38-0x0000000004700000-0x0000000004701000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2704-44-0x0000000004BF0000-0x0000000004BF1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2732-129-0x0000000004BF0000-0x0000000004BF1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2732-124-0x0000000004700000-0x0000000004701000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3320-27-0x0000000005760000-0x0000000005761000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3320-24-0x0000000005030000-0x0000000005031000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3324-20-0x0000000004B00000-0x0000000004B01000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3324-23-0x00000000052B0000-0x00000000052B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3868-37-0x0000000004FD0000-0x0000000004FD1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3868-34-0x0000000004890000-0x0000000004891000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3980-33-0x0000000004800000-0x0000000004801000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3980-28-0x0000000004700000-0x0000000004701000-memory.dmp
      Filesize

      4KB

      Download