Overview

overview

7

Static

static

6f90980da7...82.exe

windows7_x64

7

6f90980da7...82.exe

windows10_x64

3

Analysis

  • max time kernel
    73s
  • max time network
    137s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    11-11-2020 11:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6f90980da759e38d2f6a5963b808f2e18b3f1619dd8a5f072f94c8f8f1646d82.exe

  • Size

    690KB

  • MD5

    b1e507edf98c04f408530c8cfb13cf60

  • SHA1

    7c10e36093f9e129e26f88447fa9979c2b738127

  • SHA256

    6f90980da759e38d2f6a5963b808f2e18b3f1619dd8a5f072f94c8f8f1646d82

  • SHA512

    497009f7f18c42bf1a9f53dd9a1ec335e949086e48c8d27d546825857a48029df242b59679fce4369de0bf0e643d52e7883053435b805c83d67faadf1eea40b8

Score
3/10

Malware Config

Signatures

  • Program crash 13 IoCs
  • Suspicious behavior: EnumeratesProcesses 188 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6f90980da759e38d2f6a5963b808f2e18b3f1619dd8a5f072f94c8f8f1646d82.exe
    "C:\Users\Admin\AppData\Local\Temp\6f90980da759e38d2f6a5963b808f2e18b3f1619dd8a5f072f94c8f8f1646d82.exe"
    1⤵
      PID:508
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 808
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3680
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 940
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3692
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1076
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3380
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1060
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:212
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1072
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1320
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1088
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:2252
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1208
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:1352
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1416
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:2872
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1364
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:576
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1428
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:952
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1332
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:3864
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1392
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:4092
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1440
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        PID:3940

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/212-17-0x0000000004A30000-0x0000000004A31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/212-20-0x0000000005160000-0x0000000005161000-memory.dmp
      Filesize

      4KB

      Download
    • memory/508-1-0x0000000002A70000-0x0000000002A71000-memory.dmp
      Filesize

      4KB

      Download
    • memory/508-0-0x0000000000FF6000-0x0000000000FF7000-memory.dmp
      Filesize

      4KB

      Download
    • memory/576-40-0x0000000004CA0000-0x0000000004CA1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/576-37-0x0000000004370000-0x0000000004371000-memory.dmp
      Filesize

      4KB

      Download
    • memory/952-44-0x0000000004F20000-0x0000000004F21000-memory.dmp
      Filesize

      4KB

      Download
    • memory/952-41-0x00000000046F0000-0x00000000046F1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1320-24-0x00000000049A0000-0x00000000049A1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1320-21-0x0000000004370000-0x0000000004371000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1352-32-0x0000000004D40000-0x0000000004D41000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1352-29-0x0000000004710000-0x0000000004711000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2252-28-0x0000000005410000-0x0000000005411000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2252-25-0x0000000004DE0000-0x0000000004DE1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2872-36-0x00000000055C0000-0x00000000055C1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2872-33-0x0000000004D90000-0x0000000004D91000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3380-16-0x0000000005190000-0x0000000005191000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3380-13-0x0000000004B60000-0x0000000004B61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3680-3-0x00000000046C0000-0x00000000046C1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3680-8-0x00000000047C0000-0x00000000047C1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3680-2-0x00000000046C0000-0x00000000046C1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3692-9-0x0000000004370000-0x0000000004371000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3692-12-0x00000000047B0000-0x00000000047B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3864-45-0x0000000004580000-0x0000000004581000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3864-48-0x0000000004F30000-0x0000000004F31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3940-123-0x0000000004AC0000-0x0000000004AC1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3940-126-0x0000000005470000-0x0000000005471000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4092-49-0x0000000004370000-0x0000000004371000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4092-53-0x0000000004D20000-0x0000000004D21000-memory.dmp
      Filesize

      4KB

      Download