41c0cc28124721809be0242cbe90e5f85c5e96dcee248a138cab97f07476bf53

General

Target

2214/coordinator.exe
Size

9.6MB
MD5

d4ead13be3274f2b42fb3b53ff142cd9
SHA1

d7cb84bcb2c3e4f57171462000c125f35e63f7e8
SHA256

554f8fea1460df263070edd9f0b5cf2905fa677e744b53734ffc0b321ca311b2
SHA512

6aada02815a75297f57c81cb8ac3db54b8cfd4888d586445f23b6f7296c9a9a167bafe5a3f581bd795e4f18e7a0cde660c9552612d706dbd88e3121477111233

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3856 1736 WerFault.exe coordinator.exe

pid	pid_target	process	target process
3856	1736	WerFault.exe	coordinator.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

WerFault.exe

pid	process
3856	WerFault.exe
3856	WerFault.exe
3856	WerFault.exe
3856	WerFault.exe
3856	WerFault.exe
3856	WerFault.exe
3856	WerFault.exe
3856	WerFault.exe
3856	WerFault.exe
3856	WerFault.exe
3856	WerFault.exe
3856	WerFault.exe
3856	WerFault.exe
3856	WerFault.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

coordinator.exeWerFault.exe

description	pid	process
Token: SeBackupPrivilege	1736	coordinator.exe
Token: SeSecurityPrivilege	1736	coordinator.exe
Token: SeSecurityPrivilege	1736	coordinator.exe
Token: SeSecurityPrivilege	1736	coordinator.exe
Token: SeRestorePrivilege	3856	WerFault.exe
Token: SeBackupPrivilege	3856	WerFault.exe
Token: SeDebugPrivilege	3856	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\2214\coordinator.exe
"C:\Users\Admin\AppData\Local\Temp\2214\coordinator.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 2932
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3856

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1736-115-0x0000000000770000-0x000000000078C000-memory.dmp

Filesize
112KB

Download
memory/1736-116-0x0000000003940000-0x0000000003953000-memory.dmp

Filesize
76KB

Download
memory/1736-117-0x0000000003B40000-0x0000000003BDD000-memory.dmp

Filesize
628KB

Download
memory/1736-118-0x0000000003BE0000-0x0000000003C25000-memory.dmp

Filesize
276KB

Download
memory/1736-119-0x0000000003960000-0x0000000003983000-memory.dmp

Filesize
140KB

Download
memory/1736-120-0x00000000007A0000-0x00000000007AD000-memory.dmp

Filesize
52KB

Download
memory/1736-121-0x0000000003C30000-0x0000000003C86000-memory.dmp

Filesize
344KB

Download
memory/1736-122-0x0000000005FF0000-0x000000000603C000-memory.dmp

Filesize
304KB

Download
memory/1736-123-0x0000000003990000-0x000000000399E000-memory.dmp

Filesize
56KB

Download
memory/1736-124-0x0000000006040000-0x0000000006087000-memory.dmp

Filesize
284KB

Download
memory/1736-125-0x0000000006090000-0x00000000060BB000-memory.dmp

Filesize
172KB

Download
memory/1736-126-0x00000000060C0000-0x00000000060FE000-memory.dmp

Filesize
248KB

Download
memory/1736-127-0x0000000006100000-0x0000000006154000-memory.dmp

Filesize
336KB

Download
memory/1736-128-0x0000000006160000-0x000000000617C000-memory.dmp

Filesize
112KB

Download
memory/1736-129-0x0000000006180000-0x00000000061DB000-memory.dmp

Filesize
364KB

Download
memory/1736-130-0x00000000061E0000-0x0000000006210000-memory.dmp

Filesize
192KB

Download
memory/1736-131-0x0000000006210000-0x0000000006241000-memory.dmp

Filesize
196KB

Download
memory/1736-132-0x0000000006250000-0x00000000062B9000-memory.dmp

Filesize
420KB

Download
memory/1736-133-0x00000000062C0000-0x00000000062D4000-memory.dmp

Filesize
80KB

Download
memory/1736-134-0x00000000062E0000-0x0000000006333000-memory.dmp

Filesize
332KB

Download
memory/1736-135-0x0000000006340000-0x0000000006379000-memory.dmp

Filesize
228KB

Download
memory/1736-136-0x0000000006380000-0x00000000064A5000-memory.dmp

Filesize
1.1MB

Download
memory/1736-137-0x00000000064B0000-0x0000000006634000-memory.dmp

Filesize
1.5MB

Download
memory/1736-138-0x0000000006640000-0x000000000664D000-memory.dmp

Filesize
52KB

Download
memory/1736-139-0x0000000006650000-0x0000000006671000-memory.dmp

Filesize
132KB

Download
memory/1736-140-0x0000000006680000-0x00000000066A8000-memory.dmp

Filesize
160KB

Download
memory/1736-141-0x00000000066B0000-0x0000000006723000-memory.dmp

Filesize
460KB

Download
memory/1736-142-0x0000000006730000-0x00000000068DB000-memory.dmp

Filesize
1.7MB

Download
memory/1736-143-0x00000000068E0000-0x0000000006978000-memory.dmp

Filesize
608KB

Download
memory/1736-144-0x0000000006980000-0x0000000006A01000-memory.dmp

Filesize
516KB

Download
memory/1736-145-0x0000000006A20000-0x0000000006A51000-memory.dmp

Filesize
196KB

Download
memory/1736-146-0x0000000006A60000-0x0000000006AD8000-memory.dmp

Filesize
480KB

Download
memory/1736-147-0x0000000006AE0000-0x0000000006AF4000-memory.dmp

Filesize
80KB

Download
memory/1736-148-0x0000000006B00000-0x0000000006B33000-memory.dmp

Filesize
204KB

Download
memory/1736-149-0x0000000006B40000-0x0000000006B6E000-memory.dmp

Filesize
184KB

Download
memory/1736-150-0x0000000006B70000-0x0000000006B81000-memory.dmp

Filesize
68KB

Download
memory/1736-151-0x0000000006B90000-0x0000000006BED000-memory.dmp

Filesize
372KB

Download
memory/1736-152-0x0000000006BF0000-0x0000000006C19000-memory.dmp

Filesize
164KB

Download
memory/1736-153-0x0000000006C30000-0x0000000006C40000-memory.dmp

Filesize
64KB

Download
memory/1736-154-0x0000000006C40000-0x0000000006C53000-memory.dmp

Filesize
76KB

Download
memory/1736-155-0x0000000006C60000-0x0000000006C70000-memory.dmp

Filesize
64KB

Download
memory/1736-156-0x0000000006C80000-0x0000000006C8F000-memory.dmp

Filesize
60KB

Download
memory/1736-157-0x0000000006C90000-0x0000000006E8E000-memory.dmp

Filesize
2.0MB

Download
memory/1736-158-0x0000000006E90000-0x0000000006EE2000-memory.dmp

Filesize
328KB

Download
memory/1736-159-0x0000000006EF0000-0x0000000006F20000-memory.dmp

Filesize
192KB

Download
memory/1736-160-0x0000000006F20000-0x0000000006F41000-memory.dmp

Filesize
132KB

Download
memory/1736-161-0x0000000006F50000-0x0000000006F71000-memory.dmp

Filesize
132KB

Download
memory/1736-162-0x0000000006F80000-0x0000000006FA3000-memory.dmp

Filesize
140KB

Download
memory/1736-163-0x0000000006FB0000-0x0000000006FE9000-memory.dmp

Filesize
228KB

Download
memory/1736-164-0x0000000006FF0000-0x0000000007003000-memory.dmp

Filesize
76KB

Download
memory/1736-165-0x0000000007FE0000-0x0000000008086000-memory.dmp

Filesize
664KB

Download
memory/1736-166-0x0000000008090000-0x00000000080AA000-memory.dmp

Filesize
104KB

Download
memory/1736-167-0x00000000080B0000-0x00000000080C5000-memory.dmp

Filesize
84KB

Download
memory/1736-168-0x00000000080D0000-0x000000000814D000-memory.dmp

Filesize
500KB

Download
memory/1736-169-0x0000000008150000-0x0000000008264000-memory.dmp

Filesize
1.1MB

Download
memory/1736-170-0x0000000008280000-0x00000000082AC000-memory.dmp

Filesize
176KB

Download
memory/1736-171-0x00000000082B0000-0x00000000082EA000-memory.dmp

Filesize
232KB

Download
memory/1736-172-0x00000000082F0000-0x000000000831E000-memory.dmp

Filesize
184KB

Download
memory/1736-173-0x00000000083D0000-0x00000000083DF000-memory.dmp

Filesize
60KB

Download
memory/1736-174-0x00000000083E0000-0x00000000083F9000-memory.dmp

Filesize
100KB

Download
memory/1736-175-0x0000000008400000-0x0000000008446000-memory.dmp

Filesize
280KB

Download
memory/1736-176-0x0000000008450000-0x0000000008492000-memory.dmp

Filesize
264KB

Download
memory/1736-177-0x00000000084A0000-0x00000000084BD000-memory.dmp

Filesize
116KB

Download
memory/1736-178-0x00000000084D0000-0x00000000084EF000-memory.dmp

Filesize
124KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads