cc5e2cf9d56c9fdf251916cbff834e227a472ef340db4e80cda586f34b01ab2e | Triage

Analysis

max time kernel
106s
max time network
112s
platform
windows10_x64
resource
win10v20210408
submitted
09-05-2021 14:09

Sharing

Report Analysis Logs

General

Target

cc5e2cf9d56c9fdf251916cbff834e227a472ef340db4e80cda586f34b01ab2e.exe
Size

711KB
MD5

4172fefa1ccd479a032d73f48ad60c26
SHA1

937b36030d6789a14de5ce923701586a42710980
SHA256

cc5e2cf9d56c9fdf251916cbff834e227a472ef340db4e80cda586f34b01ab2e
SHA512

f55ef1c2184ccbf4bf09453b90645543b84a5f03001dd8a663e53e11f4f376b884cc1c2878213876c7275affcd630d7df296cb8f3be314c31e14d05d64cca6a0

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3144	808	WerFault.exe	67

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3144	WerFault.exe
3144	WerFault.exe
3144	WerFault.exe
3144	WerFault.exe
3144	WerFault.exe
3144	WerFault.exe
3144	WerFault.exe
3144	WerFault.exe
3144	WerFault.exe
3144	WerFault.exe
3144	WerFault.exe
3144	WerFault.exe
3144	WerFault.exe
3144	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	3144	WerFault.exe
Token: SeBackupPrivilege	3144	WerFault.exe
Token: SeDebugPrivilege	3144	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\cc5e2cf9d56c9fdf251916cbff834e227a472ef340db4e80cda586f34b01ab2e.exe
"C:\Users\Admin\AppData\Local\Temp\cc5e2cf9d56c9fdf251916cbff834e227a472ef340db4e80cda586f34b01ab2e.exe"
1⤵
PID:808
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 544
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads