Analysis
- max time kernel: 17s
- max time network: 118s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 23-07-2021 03:22
Behavioral task: behavioral1
- Sample: dependencies.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: dependencies.exe
- Resource: win10v20210408
General
- Target: dependencies.exe
- Size: 172KB
- MD5: 3a1db70b49e9be3303890cb7855f2296
- SHA1: fed77876af92c2eb080251ba7a3532a154be1e94
- SHA256: 3ffbccaf9efde195e47803fbeefbeea8daa46b8befe87b7781434c50b79d613b
- SHA512: 052e7cfc998eb8a6133cedb094ce7181461875031f7c7fafc1cf468d36d9d72d02705becd79c3e1e595ce02c4ba85d7baf45b0bc3125113a5a07d5b62dc3483e
Score
3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes:
- WerFault.exe: pid 2692, pid_target 1000, process WerFault.exe, target process dependencies.exe
Suspicious behavior: EnumeratesProcesses (14 IoCs)
Processes:
- WerFault.exe: pid 2692, process WerFault.exe (14 identical entries)
Suspicious use of AdjustPrivilegeToken (3 IoCs)
Processes:
- WerFault.exe: Token: SeRestorePrivilege, pid 2692, process WerFault.exe
- WerFault.exe: Token: SeBackupPrivilege, pid 2692, process WerFault.exe
- WerFault.exe: Token: SeDebugPrivilege, pid 2692, process WerFault.exe
Processes
- 1: C:\Users\Admin\AppData\Local\Temp\dependencies.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\dependencies.exe"
  - 2: C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 516
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- memory/1000-114-0x0000000010000000-0x0000000010006000-memory.dmp (Filesize: 24KB)