9f72ed1dc20575f4e19a75256a0df8871561008ce1387e12d932598c21a5b16f | Triage

Analysis

max time kernel
11s
max time network
123s
platform
windows10_x64
resource
win10v20210410
submitted
22-06-2021 14:07

Sharing

Report Analysis Logs

General

Target

7.exe
Size

21KB
MD5

555aee36e8e1c0e684e658b9ef65bc83
SHA1

f8afbddf6e6ab23f914f961b2eedc51f8b78fabd
SHA256

9f72ed1dc20575f4e19a75256a0df8871561008ce1387e12d932598c21a5b16f
SHA512

b65578a6c9ed2d9262776a73ebb230aa3deeb7e4aa829add17024609261c58dd9e941d6ebde5a6dcac824b56df8d7dccce4938d498069800cc63f14a05513b52

Score

10^/10

Malware Config

Signatures

Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 520 created 3904	520	WerFault.exe	37

Program crash 1 IoCs

pid	pid_target	Process	procid_target
520	3904	WerFault.exe	37

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
520	WerFault.exe
520	WerFault.exe
520	WerFault.exe
520	WerFault.exe
520	WerFault.exe
520	WerFault.exe
520	WerFault.exe
520	WerFault.exe
520	WerFault.exe
520	WerFault.exe
520	WerFault.exe
520	WerFault.exe
520	WerFault.exe
520	WerFault.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	520	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\7.exe
"C:\Users\Admin\AppData\Local\Temp\7.exe"
1⤵
PID:3904
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3904 -s 132
  2⤵
  - Suspicious use of NtCreateProcessExOtherParentProcess
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads