8dee31952250b0335eb20a948d71167d586e696a777e2f313dd3b1b953aba1e4 | Triage

Analysis

max time kernel
40s
max time network
57s
platform
windows10_x64
resource
win10v20210408
submitted
22-05-2021 10:50

Sharing

Report Analysis Logs

General

Target

8dee31952250b0335eb20a948d71167d586e696a777e2f313dd3b1b953aba1e4.exe
Size

22KB
MD5

dae0a57f09cfc41ade922b0bbb436d1b
SHA1

46c8e510d998718b98c61b04375dcd92f81574ab
SHA256

8dee31952250b0335eb20a948d71167d586e696a777e2f313dd3b1b953aba1e4
SHA512

f4d39b5555e0da1a383c609f3aac8347c0a9fd98939563d3761c6bdde66bf8ced83cc166a3894875985e2c30a9707ff98a8aa82b402044d74daccd1e7efc8b82

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3760	472	WerFault.exe	67

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3760	WerFault.exe
3760	WerFault.exe
3760	WerFault.exe
3760	WerFault.exe
3760	WerFault.exe
3760	WerFault.exe
3760	WerFault.exe
3760	WerFault.exe
3760	WerFault.exe
3760	WerFault.exe
3760	WerFault.exe
3760	WerFault.exe
3760	WerFault.exe
3760	WerFault.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3760	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\8dee31952250b0335eb20a948d71167d586e696a777e2f313dd3b1b953aba1e4.exe
"C:\Users\Admin\AppData\Local\Temp\8dee31952250b0335eb20a948d71167d586e696a777e2f313dd3b1b953aba1e4.exe"
1⤵
PID:472
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 472 -s 152
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads