Analysis
-
max time kernel
18s -
max time network
110s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
14-11-2020 18:32
General
-
Target
f5a8f21a216eede8a672785d754efa4564d999dc72db8d0d03372e93a9fb03ba.exe
-
Size
514KB
-
MD5
fd6ace26797f628ab1fb77150a302f86
-
SHA1
c373c9160d469f67b12a7b7b8d25f2caa6b890f3
-
SHA256
f5a8f21a216eede8a672785d754efa4564d999dc72db8d0d03372e93a9fb03ba
-
SHA512
ab5e64cf958ba9be024b104b54eb3a1f95f231d34042b82281af6ed197bcc38b83421ec5a2ec8eb710da486652e5af65fd95e859144a05b5e45de5064dc2ca78
Score
3/10
Malware Config
Signatures
-
Program crash 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 84 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f5a8f21a216eede8a672785d754efa4564d999dc72db8d0d03372e93a9fb03ba.exe"C:\Users\Admin\AppData\Local\Temp\f5a8f21a216eede8a672785d754efa4564d999dc72db8d0d03372e93a9fb03ba.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 7402⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 8162⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 9042⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 9202⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 11922⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 12882⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/580-0-0x00000000025A1000-0x00000000025A2000-memory.dmpFilesize
4KB
-
memory/580-1-0x0000000004100000-0x0000000004101000-memory.dmpFilesize
4KB
-
memory/1180-13-0x0000000004C80000-0x0000000004C81000-memory.dmpFilesize
4KB
-
memory/1180-10-0x0000000004650000-0x0000000004651000-memory.dmpFilesize
4KB
-
memory/2996-17-0x0000000005520000-0x0000000005521000-memory.dmpFilesize
4KB
-
memory/2996-14-0x0000000004E70000-0x0000000004E71000-memory.dmpFilesize
4KB
-
memory/3292-9-0x0000000004970000-0x0000000004971000-memory.dmpFilesize
4KB
-
memory/3292-6-0x0000000004630000-0x0000000004631000-memory.dmpFilesize
4KB
-
memory/3576-22-0x0000000004BD0000-0x0000000004BD1000-memory.dmpFilesize
4KB
-
memory/3576-25-0x0000000005400000-0x0000000005401000-memory.dmpFilesize
4KB
-
memory/3624-5-0x0000000004A10000-0x0000000004A11000-memory.dmpFilesize
4KB
-
memory/3624-3-0x00000000044E0000-0x00000000044E1000-memory.dmpFilesize
4KB
-
memory/3624-2-0x00000000044E0000-0x00000000044E1000-memory.dmpFilesize
4KB
-
memory/4056-18-0x00000000049E0000-0x00000000049E1000-memory.dmpFilesize
4KB
-
memory/4056-21-0x0000000004F20000-0x0000000004F21000-memory.dmpFilesize
4KB