Analysis

  • max time kernel
    125s
  • max time network
    127s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    12-05-2021 19:34

General

  • Target

    3dabd40d564cf8a8163432abc38768b0a7d45f0fc1970d802dc33b9109feb6a6.exe

  • Size

    59KB

  • MD5

    c4f1a1b73e4af0fbb63af8ee89a5a7fe

  • SHA1

    5604a48ce74124fb478049976db48197896b6743

  • SHA256

    3dabd40d564cf8a8163432abc38768b0a7d45f0fc1970d802dc33b9109feb6a6

  • SHA512

    67e6b184b926b1de2fa1d4c429db33b4b4146a0c5eb6929422d6ec161654fc634dce7810a1deb0befdf7d932df1edfc02251d8193272c1d1c713a1df8da32ceb

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3dabd40d564cf8a8163432abc38768b0a7d45f0fc1970d802dc33b9109feb6a6.exe
    "C:\Users\Admin\AppData\Local\Temp\3dabd40d564cf8a8163432abc38768b0a7d45f0fc1970d802dc33b9109feb6a6.exe"
    1⤵
      PID:2184
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 224
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1900

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads