Overview

overview

7

Static

static

26eb49d7b6...28.exe

windows7_x64

7

26eb49d7b6...28.exe

windows10_x64

3

Analysis

  • max time kernel
    71s
  • max time network
    132s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    09-11-2020 21:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26eb49d7b6c68105af777f6a4681b6a9be1e5673467e4b77848f391bdb681d28.exe

  • Size

    598KB

  • MD5

    cb0a06a7bf5a2017f1a58fcd576d117d

  • SHA1

    c30ad86b1196cd4307f3b3cfa4b638d236a03b02

  • SHA256

    26eb49d7b6c68105af777f6a4681b6a9be1e5673467e4b77848f391bdb681d28

  • SHA512

    3132cfe92836d5eb77f005e04939acf83626f28a3f2cce4835c2c7093cc7c970aa91f686e8e650dcec704f8bc55cd5309a03d4032ce443e246773b61ba77130f

Score
3/10

Malware Config

Signatures

  • Program crash 13 IoCs
  • Suspicious behavior: EnumeratesProcesses 189 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26eb49d7b6c68105af777f6a4681b6a9be1e5673467e4b77848f391bdb681d28.exe
    "C:\Users\Admin\AppData\Local\Temp\26eb49d7b6c68105af777f6a4681b6a9be1e5673467e4b77848f391bdb681d28.exe"
    1⤵
      PID:1044
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 796
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1012
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 968
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3588
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 1012
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2252
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 1080
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3656
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 1092
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3384
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 1116
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:3320
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 1212
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:2040
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 1428
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:2720
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 1628
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:3380
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 1680
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:3836
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 1376
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:2052
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 1604
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:3868
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 1612
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:1276

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1012-2-0x0000000004F10000-0x0000000004F11000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1012-3-0x0000000004F10000-0x0000000004F11000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1012-5-0x0000000005540000-0x0000000005541000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1044-0-0x0000000000F34000-0x0000000000F35000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1044-1-0x0000000002A10000-0x0000000002A11000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1276-103-0x0000000004460000-0x0000000004461000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1276-106-0x0000000004C90000-0x0000000004C91000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2040-79-0x00000000045C0000-0x00000000045C1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2040-82-0x00000000049F0000-0x00000000049F1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2052-98-0x0000000004FE0000-0x0000000004FE1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2052-95-0x00000000048B0000-0x00000000048B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2252-10-0x00000000048E0000-0x00000000048E1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2252-13-0x0000000004F10000-0x0000000004F11000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2720-86-0x0000000004990000-0x0000000004991000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2720-83-0x0000000004450000-0x0000000004451000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3320-26-0x0000000005500000-0x0000000005501000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3320-22-0x0000000004FD0000-0x0000000004FD1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3380-87-0x00000000048E0000-0x00000000048E1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3380-90-0x0000000005010000-0x0000000005011000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3384-21-0x0000000005510000-0x0000000005511000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3384-18-0x0000000004EE0000-0x0000000004EE1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3588-9-0x0000000005450000-0x0000000005451000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3588-6-0x0000000004E20000-0x0000000004E21000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3656-17-0x0000000005430000-0x0000000005431000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3656-14-0x0000000004F00000-0x0000000004F01000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3836-94-0x0000000005670000-0x0000000005671000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3836-91-0x0000000004E40000-0x0000000004E41000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3868-102-0x0000000004E20000-0x0000000004E21000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3868-99-0x00000000045F0000-0x00000000045F1000-memory.dmp
      Filesize

      4KB

      Download