Overview

overview

7

Static

static

b23e0fa085...cf.exe

windows7_x64

7

b23e0fa085...cf.exe

windows10_x64

3

Analysis

  • max time kernel
    66s
  • max time network
    131s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    08-11-2020 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b23e0fa0852d359938e58bf1a2a62e636df526b2a95418cbf65d9351045f89cf.exe

  • Size

    708KB

  • MD5

    dca059c7fea13d73c9f090faad08f0ce

  • SHA1

    ca1649e5adf3370ac20eaeb6ab5b84a8fd52bc4d

  • SHA256

    b23e0fa0852d359938e58bf1a2a62e636df526b2a95418cbf65d9351045f89cf

  • SHA512

    6d66a2d92f45ffb666ae7853df99d703449d4cf384b361789114b38b9f718ff08e46fe7df34e1619b2aa5b5f2ea5ed7102e679876a9ced15f278566b6943cb92

Score
3/10

Malware Config

Signatures

  • Program crash 13 IoCs
  • Suspicious behavior: EnumeratesProcesses 189 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b23e0fa0852d359938e58bf1a2a62e636df526b2a95418cbf65d9351045f89cf.exe
    "C:\Users\Admin\AppData\Local\Temp\b23e0fa0852d359938e58bf1a2a62e636df526b2a95418cbf65d9351045f89cf.exe"
    1⤵
      PID:652
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 796
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3580
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 932
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:508
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 1076
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2676
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 1048
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3992
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 1096
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3548
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 1040
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:2264
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 1208
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:3980
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 1416
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:3840
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 1340
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:492
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 1448
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:3596
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 1436
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:496
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 1620
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:200
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 1240
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:3304

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/200-59-0x0000000004DB0000-0x0000000004DB1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/200-56-0x0000000004580000-0x0000000004581000-memory.dmp
      Filesize

      4KB

      Download
    • memory/492-45-0x0000000005720000-0x0000000005721000-memory.dmp
      Filesize

      4KB

      Download
    • memory/492-42-0x0000000004FF0000-0x0000000004FF1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/496-55-0x0000000004A70000-0x0000000004A71000-memory.dmp
      Filesize

      4KB

      Download
    • memory/496-50-0x0000000004580000-0x0000000004581000-memory.dmp
      Filesize

      4KB

      Download
    • memory/508-6-0x0000000004A80000-0x0000000004A81000-memory.dmp
      Filesize

      4KB

      Download
    • memory/508-9-0x00000000050B0000-0x00000000050B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/652-0-0x00000000024D6000-0x00000000024D7000-memory.dmp
      Filesize

      4KB

      Download
    • memory/652-1-0x0000000004240000-0x0000000004241000-memory.dmp
      Filesize

      4KB

      Download
    • memory/652-30-0x0000000004340000-0x0000000004341000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2264-29-0x0000000004870000-0x0000000004871000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2264-24-0x0000000004580000-0x0000000004581000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2676-13-0x0000000005390000-0x0000000005391000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2676-10-0x0000000004D60000-0x0000000004D61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3304-65-0x0000000004A70000-0x0000000004A71000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3548-21-0x0000000005230000-0x0000000005231000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3548-18-0x0000000004C00000-0x0000000004C01000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3580-2-0x0000000004AE0000-0x0000000004AE1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3580-3-0x0000000004AE0000-0x0000000004AE1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3580-5-0x0000000005010000-0x0000000005011000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3596-46-0x0000000004580000-0x0000000004581000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3596-49-0x0000000004CB0000-0x0000000004CB1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3840-38-0x0000000004710000-0x0000000004711000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3840-41-0x0000000005040000-0x0000000005041000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3980-34-0x0000000004C10000-0x0000000004C11000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3980-37-0x0000000005240000-0x0000000005241000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3992-14-0x0000000004FD0000-0x0000000004FD1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3992-17-0x0000000005700000-0x0000000005701000-memory.dmp
      Filesize

      4KB

      Download