Analysis
-
max time kernel
30s -
max time network
104s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
21-11-2020 10:26
General
-
Target
020bc13012ce4db6e204cb1ed174851e.exe
-
Size
604KB
-
MD5
020bc13012ce4db6e204cb1ed174851e
-
SHA1
46f8ff39e0d5f476b0c2e3a1c8feefdfec32a0b2
-
SHA256
265e971392e878a245def23cc9544060fcafbdc0c61c66cf128688f3d64e2179
-
SHA512
891367401d14b9e41fc0379fc0bdc04526e023e01f6e91c731d14c790b8b6483a11761c34b2d5a673b73acd45761d11916e6a4a6d692c9e4955ad86f7b00b079
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\020bc13012ce4db6e204cb1ed174851e.exe"C:\Users\Admin\AppData\Local\Temp\020bc13012ce4db6e204cb1ed174851e.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 79282⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4328-6-0x0000000004610000-0x0000000004611000-memory.dmpFilesize
4KB
-
memory/4328-7-0x0000000004610000-0x0000000004611000-memory.dmpFilesize
4KB
-
memory/4328-9-0x0000000004610000-0x0000000004611000-memory.dmpFilesize
4KB
-
memory/4328-10-0x0000000004810000-0x0000000004811000-memory.dmpFilesize
4KB
-
memory/4756-0-0x0000000073150000-0x000000007383E000-memory.dmpFilesize
6.9MB
-
memory/4756-1-0x00000000005E0000-0x00000000005E1000-memory.dmpFilesize
4KB
-
memory/4756-3-0x0000000004E60000-0x0000000004E61000-memory.dmpFilesize
4KB
-
memory/4756-4-0x0000000005430000-0x000000000546E000-memory.dmpFilesize
248KB