154fcf6de1a4d2148da99d796d7c611b10d894546610561b588a970ab7c7053f

Resubmissions

18-12-2020 05:56

Target

5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57.exe
Size

208KB
MD5

35e3868c7d28d2ed87248077f670c707
SHA1

8e54a89fc59683cee86de964ec475dea9fc5618b
SHA256

5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57
SHA512

c8bbf7d192aff6c45005700014a22ea72832febc73b16ae925b339a356815b27bea3252917a9aa94e48fc05377b85bd1206f33c7e46fb17bdf325aff7ef40e37

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1520	1824	WerFault.exe	24

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1520	WerFault.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1520	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 1520	1824	5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57.exe	29
PID 1824 wrote to memory of 1520	1824	5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57.exe	29
PID 1824 wrote to memory of 1520	1824	5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57.exe	29
PID 1824 wrote to memory of 1520	1824	5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57.exe	29

C:\Users\Admin\AppData\Local\Temp\5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57.exe
"C:\Users\Admin\AppData\Local\Temp\5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 208
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:1520

memory/1520-4-0x0000000001E30000-0x0000000001E41000-memory.dmp

Filesize
68KB

Download
memory/1824-2-0x0000000001260000-0x000000000126E000-memory.dmp

Filesize
56KB

Download