Analysis

  • max time kernel
    134s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    04-05-2021 15:24

General

  • Target

    h2.exe

  • Size

    797KB

  • MD5

    ba4def106cf0f92b51e258529ed6b486

  • SHA1

    481625bc584494c3124555ae185ebe6503e08080

  • SHA256

    1f040903902ff4b2e84299d82124035038d5365d31a97a3fdedf964a4775be48

  • SHA512

    dfd3545fa519c6a644ef2476e590bfad871530a3b4465f64c554d4983e2265bec2f035cec694588405a0f5962c2227388ab02c2c6af851c72507f80db2ac72b6

Score
8/10

Malware Config

Signatures

  • Disables Task Manager via registry modification
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\h2.exe
    "C:\Users\Admin\AppData\Local\Temp\h2.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4024
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4024 -s 1228
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4024-114-0x00000000007F0000-0x00000000007F1000-memory.dmp
    Filesize

    4KB

  • memory/4024-116-0x00000000009E0000-0x00000000009E1000-memory.dmp
    Filesize

    4KB

  • memory/4024-117-0x0000000000EA0000-0x0000000000EA2000-memory.dmp
    Filesize

    8KB

  • memory/4024-118-0x000000001B7D0000-0x000000001B88A000-memory.dmp
    Filesize

    744KB

  • memory/4024-119-0x00000000009F0000-0x00000000009F1000-memory.dmp
    Filesize

    4KB