Resubmissions
12-11-2021 18:04
211112-wnzb8aahhm 1019-11-2020 10:08
201119-rhwlt38jrx 1018-11-2020 17:26
201118-htd4fq29va 10Analysis
-
max time kernel
315s -
max time network
381s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
19-11-2020 10:08
General
-
Target
WSHSetup[1].exe
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\WSHSetup[1].exe"C:\Users\Admin\AppData\Local\Temp\WSHSetup[1].exe"1⤵
- NTFS ADS
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 15242⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3220-0-0x0000000004C60000-0x0000000004C61000-memory.dmpFilesize
4KB
-
memory/3220-1-0x0000000004C60000-0x0000000004C61000-memory.dmpFilesize
4KB
-
memory/3220-3-0x0000000005490000-0x0000000005491000-memory.dmpFilesize
4KB