41c0cc28124721809be0242cbe90e5f85c5e96dcee248a138cab97f07476bf53

Analysis

max time kernel
298s
max time network
267s
platform
windows10_x64
resource
win10v20210410
submitted
15-07-2021 16:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

launch.bat
Size

108B
MD5

fd4594751cb4a3b23e54ae582c4dd0e8
SHA1

13218cd2470e14221f6fce227a056ca489c98fa7
SHA256

5d7a9c239af404e403f16dd2f1383aee58721c5cfd66e4e1a40e41aec2da057e
SHA512

34af0afd31ad70d21f642c56d1d14491a82213c2f524c9c24037173109ce88267257a33ee0a03cc8ce430697823833c4567b5fa457c9e8ab29ca638dff85131e

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4040 2012 WerFault.exe coordinator.exe

pid	pid_target	process	target process
4040	2012	WerFault.exe	coordinator.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

WerFault.exe

pid	process
4040	WerFault.exe
4040	WerFault.exe
4040	WerFault.exe
4040	WerFault.exe
4040	WerFault.exe
4040	WerFault.exe
4040	WerFault.exe
4040	WerFault.exe
4040	WerFault.exe
4040	WerFault.exe
4040	WerFault.exe
4040	WerFault.exe
4040	WerFault.exe
4040	WerFault.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

coordinator.exeWerFault.exe

description	pid	process
Token: SeBackupPrivilege	2012	coordinator.exe
Token: SeSecurityPrivilege	2012	coordinator.exe
Token: SeSecurityPrivilege	2012	coordinator.exe
Token: SeSecurityPrivilege	2012	coordinator.exe
Token: SeRestorePrivilege	4040	WerFault.exe
Token: SeBackupPrivilege	4040	WerFault.exe
Token: SeDebugPrivilege	4040	WerFault.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 3680 wrote to memory of 2012	3680	cmd.exe	coordinator.exe
PID 3680 wrote to memory of 2012	3680	cmd.exe	coordinator.exe
PID 3680 wrote to memory of 2012	3680	cmd.exe	coordinator.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\launch.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3680

C:\Users\Admin\AppData\Local\Temp\2214\coordinator.exe
"C:\Users\Admin\AppData\Local\Temp\2214\coordinator.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 2980
3⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4040

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2012-114-0x0000000000000000-mapping.dmp

Download
memory/2012-115-0x0000000002840000-0x000000000285D000-memory.dmp

Filesize
116KB

Download
memory/2012-116-0x0000000002860000-0x000000000287C000-memory.dmp

Filesize
112KB

Download
memory/2012-117-0x0000000002880000-0x0000000002893000-memory.dmp

Filesize
76KB

Download
memory/2012-118-0x0000000003BB0000-0x0000000003C4D000-memory.dmp

Filesize
628KB

Download
memory/2012-119-0x0000000003E30000-0x0000000003E75000-memory.dmp

Filesize
276KB

Download
memory/2012-120-0x0000000003C50000-0x0000000003C73000-memory.dmp

Filesize
140KB

Download
memory/2012-121-0x0000000000F80000-0x0000000000F8D000-memory.dmp

Filesize
52KB

Download
memory/2012-122-0x0000000003E80000-0x0000000003ED6000-memory.dmp

Filesize
344KB

Download
memory/2012-123-0x0000000003EE0000-0x0000000003F2C000-memory.dmp

Filesize
304KB

Download
memory/2012-124-0x00000000028A0000-0x00000000028AE000-memory.dmp

Filesize
56KB

Download
memory/2012-125-0x0000000003F30000-0x0000000003F77000-memory.dmp

Filesize
284KB

Download
memory/2012-126-0x00000000062E0000-0x000000000630B000-memory.dmp

Filesize
172KB

Download
memory/2012-127-0x0000000006310000-0x000000000634E000-memory.dmp

Filesize
248KB

Download
memory/2012-128-0x0000000006350000-0x00000000063A4000-memory.dmp

Filesize
336KB

Download
memory/2012-129-0x00000000063B0000-0x00000000063CC000-memory.dmp

Filesize
112KB

Download
memory/2012-130-0x00000000063D0000-0x000000000642B000-memory.dmp

Filesize
364KB

Download
memory/2012-131-0x0000000006430000-0x0000000006460000-memory.dmp

Filesize
192KB

Download
memory/2012-132-0x0000000006460000-0x0000000006491000-memory.dmp

Filesize
196KB

Download
memory/2012-133-0x00000000064A0000-0x0000000006509000-memory.dmp

Filesize
420KB

Download
memory/2012-134-0x0000000006510000-0x0000000006524000-memory.dmp

Filesize
80KB

Download
memory/2012-135-0x0000000006530000-0x0000000006583000-memory.dmp

Filesize
332KB

Download
memory/2012-136-0x0000000006590000-0x00000000065C9000-memory.dmp

Filesize
228KB

Download
memory/2012-137-0x00000000065D0000-0x00000000066F5000-memory.dmp

Filesize
1.1MB

Download
memory/2012-138-0x0000000006700000-0x0000000006884000-memory.dmp

Filesize
1.5MB

Download
memory/2012-139-0x0000000003C80000-0x0000000003C8D000-memory.dmp

Filesize
52KB

Download
memory/2012-140-0x0000000006890000-0x00000000068B1000-memory.dmp

Filesize
132KB

Download
memory/2012-141-0x00000000068C0000-0x00000000068E8000-memory.dmp

Filesize
160KB

Download
memory/2012-142-0x00000000068F0000-0x0000000006963000-memory.dmp

Filesize
460KB

Download
memory/2012-143-0x0000000006970000-0x0000000006B1B000-memory.dmp

Filesize
1.7MB

Download
memory/2012-144-0x0000000006B20000-0x0000000006BB8000-memory.dmp

Filesize
608KB

Download
memory/2012-145-0x0000000006BC0000-0x0000000006C41000-memory.dmp

Filesize
516KB

Download
memory/2012-146-0x0000000006C60000-0x0000000006C91000-memory.dmp

Filesize
196KB

Download
memory/2012-147-0x0000000006CA0000-0x0000000006D18000-memory.dmp

Filesize
480KB

Download
memory/2012-148-0x0000000006D20000-0x0000000006D34000-memory.dmp

Filesize
80KB

Download
memory/2012-149-0x0000000006D40000-0x0000000006D73000-memory.dmp

Filesize
204KB

Download
memory/2012-150-0x0000000006D80000-0x0000000006DAE000-memory.dmp

Filesize
184KB

Download
memory/2012-151-0x0000000006DB0000-0x0000000006DC1000-memory.dmp

Filesize
68KB

Download
memory/2012-152-0x0000000006DD0000-0x0000000006E2D000-memory.dmp

Filesize
372KB

Download
memory/2012-153-0x0000000006E30000-0x0000000006E59000-memory.dmp

Filesize
164KB

Download
memory/2012-154-0x0000000006E70000-0x0000000006E80000-memory.dmp

Filesize
64KB

Download
memory/2012-155-0x0000000006E80000-0x0000000006E93000-memory.dmp

Filesize
76KB

Download
memory/2012-156-0x0000000006EA0000-0x0000000006EB0000-memory.dmp

Filesize
64KB

Download
memory/2012-157-0x0000000006EC0000-0x0000000006ECF000-memory.dmp

Filesize
60KB

Download
memory/2012-158-0x0000000006ED0000-0x00000000070CE000-memory.dmp

Filesize
2.0MB

Download
memory/2012-159-0x00000000070D0000-0x0000000007122000-memory.dmp

Filesize
328KB

Download
memory/2012-160-0x0000000007130000-0x0000000007160000-memory.dmp

Filesize
192KB

Download
memory/2012-161-0x0000000007160000-0x0000000007181000-memory.dmp

Filesize
132KB

Download
memory/2012-162-0x0000000007190000-0x00000000071B1000-memory.dmp

Filesize
132KB

Download
memory/2012-163-0x00000000071C0000-0x00000000071E3000-memory.dmp

Filesize
140KB

Download
memory/2012-164-0x00000000071F0000-0x0000000007229000-memory.dmp

Filesize
228KB

Download
memory/2012-165-0x0000000007230000-0x0000000007243000-memory.dmp

Filesize
76KB

Download
memory/2012-166-0x0000000008220000-0x00000000082C6000-memory.dmp

Filesize
664KB

Download
memory/2012-167-0x00000000082D0000-0x00000000082EA000-memory.dmp

Filesize
104KB

Download
memory/2012-168-0x00000000082F0000-0x0000000008305000-memory.dmp

Filesize
84KB

Download
memory/2012-169-0x0000000008310000-0x000000000838D000-memory.dmp

Filesize
500KB

Download
memory/2012-170-0x0000000008390000-0x00000000084A4000-memory.dmp

Filesize
1.1MB

Download
memory/2012-171-0x00000000084C0000-0x00000000084EC000-memory.dmp

Filesize
176KB

Download
memory/2012-172-0x00000000084F0000-0x000000000852A000-memory.dmp

Filesize
232KB

Download
memory/2012-173-0x0000000008530000-0x000000000855E000-memory.dmp

Filesize
184KB

Download
memory/2012-174-0x0000000008610000-0x000000000861F000-memory.dmp

Filesize
60KB

Download
memory/2012-175-0x0000000008620000-0x0000000008639000-memory.dmp

Filesize
100KB

Download
memory/2012-176-0x0000000008640000-0x0000000008686000-memory.dmp

Filesize
280KB

Download
memory/2012-177-0x0000000008690000-0x00000000086D2000-memory.dmp

Filesize
264KB

Download
memory/2012-178-0x00000000086E0000-0x00000000086FD000-memory.dmp

Filesize
116KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads