Analysis
-
max time kernel
14s -
max time network
151s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
20-06-2021 01:07
General
-
Target
4a8291d1b7e90e942220471d1335a544d59791d693a3065f0cff46632cd821c7.exe
-
Size
21KB
-
MD5
e0fa3beea2fdf9c48e26d128f624aa90
-
SHA1
d853e4f29d2832c3830441613cfe7f23889c660e
-
SHA256
4a8291d1b7e90e942220471d1335a544d59791d693a3065f0cff46632cd821c7
-
SHA512
4a549ec73a4e0fbc5285152bcb5c35da95d9bcc79e7f0b1c1d844bc4ce5d6639084246fea4a7e79285a12c82fa59046cef8a77870db895f573a88df6ec601dcf
Score
10/10
Malware Config
Signatures
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4a8291d1b7e90e942220471d1335a544d59791d693a3065f0cff46632cd821c7.exe"C:\Users\Admin\AppData\Local\Temp\4a8291d1b7e90e942220471d1335a544d59791d693a3065f0cff46632cd821c7.exe"1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 640 -s 1322⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-