43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9 | Triage

Analysis

max time kernel
145s
max time network
148s
platform
windows10_x64
resource
win10v20210410
submitted
09-05-2021 19:46

Sharing

Report Analysis Logs

General

Target

43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9.exe
Size

295KB
MD5

90dfee7c87c52526ec43b8cc485fa0be
SHA1

cb3ed1d97bb777be0cea46c558a7fcde4a3e269c
SHA256

43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9
SHA512

87c4727f105fa00f761b8069d43e45b74a51529abb961e76ef7575916d272dffa1dd6cdf3451cf564c8fd27744b9e8b67216d7f4f9f1e2be6a5256b9e194ce32

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

wermgr.exe

description pid process

Token: SeDebugPrivilege 2984 wermgr.exe
Token: SeDebugPrivilege 2984 wermgr.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9.exe

description	pid	process	target process
PID 4048 wrote to memory of 2984	4048	43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9.exe	wermgr.exe
PID 4048 wrote to memory of 2984	4048	43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9.exe	wermgr.exe
PID 4048 wrote to memory of 2984	4048	43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9.exe	wermgr.exe
PID 4048 wrote to memory of 2984	4048	43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9.exe	wermgr.exe

C:\Users\Admin\AppData\Local\Temp\43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9.exe
"C:\Users\Admin\AppData\Local\Temp\43c8e1444ca6aebed5579b1a6b52dfc9529bc5a13d150b663fa32c1f1eb779b9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4048

C:\Windows\system32\wermgr.exe
C:\Windows\system32\wermgr.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2984-115-0x0000000000000000-mapping.dmp

Download
memory/2984-120-0x0000021008640000-0x0000021008660000-memory.dmp

Filesize
128KB

Download
memory/4048-114-0x0000000000D50000-0x0000000000D73000-memory.dmp

Filesize
140KB

Download
memory/4048-119-0x0000000010001000-0x0000000010003000-memory.dmp

Filesize
8KB

Download
memory/4048-118-0x0000000001030000-0x0000000001031000-memory.dmp

Filesize
4KB

Download