2114df8dffa2218844abfd36181e0f6180b9936498deb7c1b0e5c5b6c3dcc8ed | Triage

Analysis

max time kernel
147s
max time network
148s
platform
windows10_x64
resource
win10v20210410
submitted
08-05-2021 23:45

Sharing

Report Analysis Logs

General

Target

2114df8dffa2218844abfd36181e0f6180b9936498deb7c1b0e5c5b6c3dcc8ed.exe
Size

711KB
MD5

b2765569180740f7c8a303fc68b8d4d1
SHA1

2b42159578b1d68eadcc056e4c6f32297e19c90a
SHA256

2114df8dffa2218844abfd36181e0f6180b9936498deb7c1b0e5c5b6c3dcc8ed
SHA512

2c2bd34704a6838787f274c2e699199211d2de9160394606e9e194555661d93365b687d9a5347d40cd0f7e7da1bb0694517399ad1ae3254a5426a837ccedf093

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2040	3984	WerFault.exe	16

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	2040	WerFault.exe
Token: SeBackupPrivilege	2040	WerFault.exe
Token: SeDebugPrivilege	2040	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\2114df8dffa2218844abfd36181e0f6180b9936498deb7c1b0e5c5b6c3dcc8ed.exe
"C:\Users\Admin\AppData\Local\Temp\2114df8dffa2218844abfd36181e0f6180b9936498deb7c1b0e5c5b6c3dcc8ed.exe"
1⤵
PID:3984
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 544
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads