2eec6330f9cb463194a3e61ab70d31f52bf6500d9f17cc958d728c26b08b393f | Triage

Analysis

max time kernel
117s
max time network
119s
platform
windows10_x64
resource
win10v20210408
submitted
04-05-2021 20:32

Sharing

Report Analysis Logs

General

Target

2eec6330f9cb463194a3e61ab70d31f52bf6500d9f17cc958d728c26b08b393f.exe
Size

711KB
MD5

77fef4e9052116b8a88686c56d04197a
SHA1

9049daecc9b3eb4b497df6c11380af24fcd59a35
SHA256

2eec6330f9cb463194a3e61ab70d31f52bf6500d9f17cc958d728c26b08b393f
SHA512

ffa185f26ad0fb99f23601130c154259cb42d86abab4e8b172eed3ecfaf4438f5130eeb8afbbaeb2c92c57d0488b2608c8d2c4a2c09e6d1f1eb5c7efb3bbcc74

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1956	800	WerFault.exe	67

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	1956	WerFault.exe
Token: SeBackupPrivilege	1956	WerFault.exe
Token: SeDebugPrivilege	1956	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\2eec6330f9cb463194a3e61ab70d31f52bf6500d9f17cc958d728c26b08b393f.exe
"C:\Users\Admin\AppData\Local\Temp\2eec6330f9cb463194a3e61ab70d31f52bf6500d9f17cc958d728c26b08b393f.exe"
1⤵
PID:800
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 544
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads