Analysis
- max time kernel: 145s
- max time network: 148s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 09-05-2021 19:46
Static task: static1
Behavioral task: behavioral1
  Sample: 43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9.exe
  Resource: win7v20210410 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: 43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9.exe
  Resource: win10v20210410 (windows10_x64)
  0 signatures, 0 seconds
General
- Target: 43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9.exe
- Size: 295KB
- MD5: 90dfee7c87c52526ec43b8cc485fa0be
- SHA1: cb3ed1d97bb777be0cea46c558a7fcde4a3e269c
- SHA256: 43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9
- SHA512: 87c4727f105fa00f761b8069d43e45b74a51529abb961e76ef7575916d272dffa1dd6cdf3451cf564c8fd27744b9e8b67216d7f4f9f1e2be6a5256b9e194ce32
Score: 1/10
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes: wermgr.exe
  description               pid   process
  Token: SeDebugPrivilege   2984  wermgr.exe
  Token: SeDebugPrivilege   2984  wermgr.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: 43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9.exe
  description                         pid   process                                                                   target process
  PID 4048 wrote to memory of 2984    4048  43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9.exe  wermgr.exe
  PID 4048 wrote to memory of 2984    4048  43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9.exe  wermgr.exe
  PID 4048 wrote to memory of 2984    4048  43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9.exe  wermgr.exe
  PID 4048 wrote to memory of 2984    4048  43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9.exe  wermgr.exe
Processes
- (depth 1) C:\Users\Admin\AppData\Local\Temp\43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9.exe"
  - Suspicious use of WriteProcessMemory
  - (depth 2) C:\Windows\system32\wermgr.exe
    Command line: C:\Windows\system32\wermgr.exe
    - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- memory/2984-115-0x0000000000000000-mapping.dmp
- memory/2984-120-0x0000021008640000-0x0000021008660000-memory.dmp (Filesize: 128KB)
- memory/4048-114-0x0000000000D50000-0x0000000000D73000-memory.dmp (Filesize: 140KB)
- memory/4048-119-0x0000000010001000-0x0000000010003000-memory.dmp (Filesize: 8KB)
- memory/4048-118-0x0000000001030000-0x0000000001031000-memory.dmp (Filesize: 4KB)