Resubmissions

12-11-2021 18:04

211112-wnzb8aahhm 10

19-11-2020 10:08

201119-rhwlt38jrx 10

18-11-2020 17:26

201118-htd4fq29va 10

Analysis

  • max time kernel
    314s
  • max time network
    382s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    19-11-2020 10:08

General

  • Target

    CVWSHSetup[1].bin/WSHSetup[1].exe

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CVWSHSetup[1].bin\WSHSetup[1].exe
    "C:\Users\Admin\AppData\Local\Temp\CVWSHSetup[1].bin\WSHSetup[1].exe"
    1⤵
    • NTFS ADS
    PID:984
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 1512
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1992-0-0x0000000004550000-0x0000000004551000-memory.dmp
    Filesize

    4KB

  • memory/1992-1-0x0000000004940000-0x0000000004941000-memory.dmp
    Filesize

    4KB

  • memory/1992-2-0x0000000004D40000-0x0000000004D41000-memory.dmp
    Filesize

    4KB