Analysis
-
max time kernel
141s -
max time network
140s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
17-11-2020 15:16
General
-
Target
13d84033f65345d8a87391ec0eb6b482.exe
-
Size
28KB
-
MD5
13d84033f65345d8a87391ec0eb6b482
-
SHA1
b6354b17def07e0ead0f90a30b50c9090e720e5f
-
SHA256
099803578388c6f4a6a4904fdb0b8b8e77e7ee9c14eccbda79272baf92093e18
-
SHA512
5093353181b2c6cb0ec0c421e7e5b87e3e222fd6fb5e250bed960ebad1a0041be4e7ba412067e1c6d4eba6e1248c59022eef87c281346c507aa0ae8990fe285f
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Delays execution with timeout.exe 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\13d84033f65345d8a87391ec0eb6b482.exe"C:\Users\Admin\AppData\Local\Temp\13d84033f65345d8a87391ec0eb6b482.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\timeout.exetimeout 52⤵
- Delays execution with timeout.exe
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 9842⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/276-4-0x0000000000000000-mapping.dmp
-
memory/276-5-0x0000000001D70000-0x0000000001D81000-memory.dmpFilesize
68KB
-
memory/276-6-0x00000000026E0000-0x00000000026F1000-memory.dmpFilesize
68KB
-
memory/364-0-0x0000000073F40000-0x000000007462E000-memory.dmpFilesize
6.9MB
-
memory/364-1-0x000000000FCE0000-0x000000000FCE1000-memory.dmpFilesize
4KB
-
memory/1812-3-0x0000000000000000-mapping.dmp