Analysis
-
max time kernel
141s -
max time network
146s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
13-05-2021 12:57
General
-
Target
d1167dc9f0ef8dd16c0b5675247f369334dff56413a2dee459c5cee3fd5a25ba.exe
-
Size
426KB
-
MD5
eb8fcc126b19d339fc633648961a981c
-
SHA1
5261c6195cce1ca134e1407ce6effde1f1915597
-
SHA256
d1167dc9f0ef8dd16c0b5675247f369334dff56413a2dee459c5cee3fd5a25ba
-
SHA512
d56efea63776e3dc5d129b76161e9b9ac5ecc3c7cefb729d471b255f6d42b0e21b5dc65dd5372b9321f17ea110743e79bd42f73dc75f62d1e20ea8fe9c34e0f8
Score
3/10
Malware Config
Signatures
-
Program crash 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 28 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d1167dc9f0ef8dd16c0b5675247f369334dff56413a2dee459c5cee3fd5a25ba.exe"C:\Users\Admin\AppData\Local\Temp\d1167dc9f0ef8dd16c0b5675247f369334dff56413a2dee459c5cee3fd5a25ba.exe"1⤵
- Suspicious behavior: RenamesItself
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 3402⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 4002⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
MD5
eb8fcc126b19d339fc633648961a981c
SHA15261c6195cce1ca134e1407ce6effde1f1915597
SHA256d1167dc9f0ef8dd16c0b5675247f369334dff56413a2dee459c5cee3fd5a25ba
SHA512d56efea63776e3dc5d129b76161e9b9ac5ecc3c7cefb729d471b255f6d42b0e21b5dc65dd5372b9321f17ea110743e79bd42f73dc75f62d1e20ea8fe9c34e0f8