3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3 | Triage

Resubmissions

18-08-2021 21:12

210818-4y2nlxfp46 10

19-05-2021 11:54

210519-macc77ed1x 10

Analysis

max time kernel
27s
max time network
36s
platform
windows10_x64
resource
win10v20210408
submitted
19-05-2021 11:54

Sharing

Report Analysis Logs

General

Target

3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3.exe
Size

22KB
MD5

8cd81ae69ade058076263addc8dd3ebb
SHA1

362eb81ecac33897d4dd2a3f175efaaf0fe2c2f5
SHA256

3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3
SHA512

6170bc3191b8d88043b5c7799c17338f4717af087fa4524141955d2e6cfb0cb468262bcc5c466fe39adfbc534796a79e06d84894ae9f7911b2353460580dac21

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2332 620 WerFault.exe 3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

WerFault.exe

pid	process
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

WerFault.exe

description pid process

Token: SeDebugPrivilege 2332 WerFault.exe

C:\Users\Admin\AppData\Local\Temp\3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3.exe
"C:\Users\Admin\AppData\Local\Temp\3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3.exe"
1⤵
PID:620

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 620 -s 152
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2332

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...