6daa33fa17b113a10a797fe9fc170e11170549c2ca5eb609f0f9d9f64283abac | Triage

Analysis

max time kernel
10s
max time network
115s
platform
windows10_x64
resource
win10v20210410
submitted
25-06-2021 15:06

Sharing

Report Analysis Logs

General

Target

6daa33fa17b113a10a797fe9fc170e11170549c2ca5eb609f0f9d9f64283abac.bin.exe
Size

124KB
MD5

d337ce3673027b5ada079afeade07a67
SHA1

2e1df897475fb1877a4121e488071df3522b5368
SHA256

6daa33fa17b113a10a797fe9fc170e11170549c2ca5eb609f0f9d9f64283abac
SHA512

03850b843be4655fb45b63693a8d94ee950666fca9b3567cbc380189956b305fd78a706db4ef5efa0d7ea575074d0f60a49ca122fd809ee2001cffc4f050f4b3

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2224	3560	WerFault.exe	42

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	2224	WerFault.exe
Token: SeBackupPrivilege	2224	WerFault.exe
Token: SeDebugPrivilege	2224	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\6daa33fa17b113a10a797fe9fc170e11170549c2ca5eb609f0f9d9f64283abac.bin.exe
"C:\Users\Admin\AppData\Local\Temp\6daa33fa17b113a10a797fe9fc170e11170549c2ca5eb609f0f9d9f64283abac.bin.exe"
1⤵
PID:3560
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 260
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads