Analysis
-
max time kernel
111s -
max time network
114s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
10-11-2020 11:36
General
-
Target
85862161391878722a0bacf3d1bc637ed37dc57a2b14bd9aea3a2108bcc6400e.exe
-
Size
514KB
-
MD5
d0229fb1eab49a8995b94d93cb0593e4
-
SHA1
c1aa688f65ff43a726f80b5e3e2c7f9233ba14f5
-
SHA256
85862161391878722a0bacf3d1bc637ed37dc57a2b14bd9aea3a2108bcc6400e
-
SHA512
eb880244cfe8fc5f67a69b3eadc5287d183578412e95d23f0aac16e763e35cd54cfcd37548b46a22855668dd85951663e6c0b8955e9c394bd6cd32339755f65f
Score
3/10
Malware Config
Signatures
-
Program crash 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 84 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\85862161391878722a0bacf3d1bc637ed37dc57a2b14bd9aea3a2108bcc6400e.exe"C:\Users\Admin\AppData\Local\Temp\85862161391878722a0bacf3d1bc637ed37dc57a2b14bd9aea3a2108bcc6400e.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 7362⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 8122⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 8922⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 8642⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 11802⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 11482⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/184-14-0x0000000004710000-0x0000000004711000-memory.dmpFilesize
4KB
-
memory/184-11-0x0000000004060000-0x0000000004061000-memory.dmpFilesize
4KB
-
memory/640-1-0x0000000004070000-0x0000000004071000-memory.dmpFilesize
4KB
-
memory/640-0-0x0000000002432000-0x0000000002433000-memory.dmpFilesize
4KB
-
memory/1340-23-0x0000000004AC0000-0x0000000004AC1000-memory.dmpFilesize
4KB
-
memory/2940-18-0x00000000052A0000-0x00000000052A1000-memory.dmpFilesize
4KB
-
memory/2940-15-0x0000000004D70000-0x0000000004D71000-memory.dmpFilesize
4KB
-
memory/3184-22-0x0000000004F30000-0x0000000004F31000-memory.dmpFilesize
4KB
-
memory/3184-19-0x0000000004680000-0x0000000004681000-memory.dmpFilesize
4KB
-
memory/3248-9-0x0000000005250000-0x0000000005251000-memory.dmpFilesize
4KB
-
memory/3248-10-0x0000000005540000-0x0000000005541000-memory.dmpFilesize
4KB
-
memory/3248-6-0x0000000004E50000-0x0000000004E51000-memory.dmpFilesize
4KB
-
memory/3680-5-0x0000000005510000-0x0000000005511000-memory.dmpFilesize
4KB
-
memory/3680-3-0x0000000004EE0000-0x0000000004EE1000-memory.dmpFilesize
4KB
-
memory/3680-2-0x0000000004EE0000-0x0000000004EE1000-memory.dmpFilesize
4KB