Analysis
-
max time kernel
55s -
max time network
136s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
21-11-2020 12:18
Static task
static1
Behavioral task
behavioral1
Sample
Mailflow Cracked/Mailflow.exe
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Mailflow Cracked/Mailflow.exe
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
Mailflow Cracked/Mailflow.exe
-
Size
4.3MB
-
MD5
b515751ff6cbbd648d2b8a30ecca56e1
-
SHA1
5e967e855bb5c42ff8b10be7ef57e5431dc3fcf5
-
SHA256
e6ffafa751911d0a8d49844aaca114388aef42b0980b566636ea06bc2be8e07a
-
SHA512
19c9e754faf934e3c04ad6c97ceae030f82f41d193234ddea4c2ac347e12a4cd286ce4dfeb401de3886742b39dfc1c2c26b3f05ba6130a445829b82103263c25
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2616 508 WerFault.exe Mailflow.exe -
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes:
WerFault.exepid process 2616 WerFault.exe 2616 WerFault.exe 2616 WerFault.exe 2616 WerFault.exe 2616 WerFault.exe 2616 WerFault.exe 2616 WerFault.exe 2616 WerFault.exe 2616 WerFault.exe 2616 WerFault.exe 2616 WerFault.exe 2616 WerFault.exe 2616 WerFault.exe 2616 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exedescription pid process Token: SeRestorePrivilege 2616 WerFault.exe Token: SeBackupPrivilege 2616 WerFault.exe Token: SeDebugPrivilege 2616 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Mailflow Cracked\Mailflow.exe"C:\Users\Admin\AppData\Local\Temp\Mailflow Cracked\Mailflow.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 19642⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/508-0-0x0000000073520000-0x0000000073C0E000-memory.dmpFilesize
6.9MB
-
memory/508-1-0x0000000000800000-0x0000000000801000-memory.dmpFilesize
4KB
-
memory/508-3-0x0000000005990000-0x0000000005991000-memory.dmpFilesize
4KB
-
memory/508-4-0x0000000005530000-0x0000000005531000-memory.dmpFilesize
4KB
-
memory/508-5-0x00000000058B0000-0x00000000058B1000-memory.dmpFilesize
4KB
-
memory/508-6-0x0000000008170000-0x0000000008171000-memory.dmpFilesize
4KB
-
memory/508-7-0x000000000C230000-0x000000000C231000-memory.dmpFilesize
4KB
-
memory/2616-12-0x0000000004120000-0x0000000004121000-memory.dmpFilesize
4KB
-
memory/2616-15-0x0000000004960000-0x0000000004961000-memory.dmpFilesize
4KB