3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3 | Triage

Resubmissions

18/08/2021, 21:12

210818-4y2nlxfp46 10

19/05/2021, 11:54

210519-macc77ed1x 10

Analysis

max time kernel
27s
max time network
36s
platform
windows10_x64
resource
win10v20210408
submitted
19/05/2021, 11:54

Sharing

Report Analysis Logs

General

Target

3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3.exe
Size

22KB
MD5

8cd81ae69ade058076263addc8dd3ebb
SHA1

362eb81ecac33897d4dd2a3f175efaaf0fe2c2f5
SHA256

3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3
SHA512

6170bc3191b8d88043b5c7799c17338f4717af087fa4524141955d2e6cfb0cb468262bcc5c466fe39adfbc534796a79e06d84894ae9f7911b2353460580dac21

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2332	620	WerFault.exe	67

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2332	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3.exe
"C:\Users\Admin\AppData\Local\Temp\3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3.exe"
1⤵
PID:620
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 620 -s 152
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads