Overview

overview

10

Static

static

d3858f7891...8e.exe

windows7_x64

10

d3858f7891...8e.exe

windows10_x64

3

Analysis

  • max time kernel
    19s
  • max time network
    99s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    09-11-2020 20:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d3858f7891a8d353754c41758558cc675a5a0941851cf52ba6deda822b76558e.exe

  • Size

    514KB

  • MD5

    aa95fd8cf4cc7a275d543782915ba443

  • SHA1

    3500853918f101e23b7e9c9331f5fd8e33595203

  • SHA256

    d3858f7891a8d353754c41758558cc675a5a0941851cf52ba6deda822b76558e

  • SHA512

    f76e6b00bd2824847603048cbc16631e2a8af37b783f83bd00800b2e15b67260f28bcfd41abe5d8acff52a3c2172eb14c04266b825274950de5c39467eb23b62

Score
3/10

Malware Config

Signatures

  • Program crash 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 84 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d3858f7891a8d353754c41758558cc675a5a0941851cf52ba6deda822b76558e.exe
    "C:\Users\Admin\AppData\Local\Temp\d3858f7891a8d353754c41758558cc675a5a0941851cf52ba6deda822b76558e.exe"
    1⤵
      PID:1124
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 736
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:544
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 848
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:528
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 896
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1384
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 876
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:192
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 1188
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3876
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 1224
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:3948

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/192-17-0x0000000004710000-0x0000000004711000-memory.dmp
      Filesize

      4KB

      Download
    • memory/192-14-0x00000000040E0000-0x00000000040E1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/528-6-0x0000000004A50000-0x0000000004A51000-memory.dmp
      Filesize

      4KB

      Download
    • memory/544-3-0x0000000004F80000-0x0000000004F81000-memory.dmp
      Filesize

      4KB

      Download
    • memory/544-5-0x0000000005630000-0x0000000005631000-memory.dmp
      Filesize

      4KB

      Download
    • memory/544-2-0x0000000004F80000-0x0000000004F81000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1124-0-0x0000000002456000-0x0000000002457000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1124-1-0x00000000040B0000-0x00000000040B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1384-10-0x00000000049E0000-0x00000000049E1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1384-13-0x0000000004F10000-0x0000000004F11000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3876-18-0x0000000004790000-0x0000000004791000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3876-21-0x0000000005040000-0x0000000005041000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3948-22-0x0000000004C60000-0x0000000004C61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3948-26-0x0000000005510000-0x0000000005511000-memory.dmp
      Filesize

      4KB

      Download