Resubmissions

12-11-2021 18:04

211112-wnzb8aahhm 10

19-11-2020 10:08

201119-rhwlt38jrx 10

18-11-2020 17:26

201118-htd4fq29va 10

Analysis

  • max time kernel
    315s
  • max time network
    381s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    19-11-2020 10:08

General

  • Target

    WSHSetup[1].exe

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WSHSetup[1].exe
    "C:\Users\Admin\AppData\Local\Temp\WSHSetup[1].exe"
    1⤵
    • NTFS ADS
    PID:1192
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 1524
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3220-0-0x0000000004C60000-0x0000000004C61000-memory.dmp

    Filesize

    4KB

  • memory/3220-1-0x0000000004C60000-0x0000000004C61000-memory.dmp

    Filesize

    4KB

  • memory/3220-3-0x0000000005490000-0x0000000005491000-memory.dmp

    Filesize

    4KB