Analysis
-
max time kernel
13s -
max time network
124s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
26-07-2021 12:42
Static task
static1
Behavioral task
behavioral1
Sample
ae1f419bb8e91810ef9a98c3b5dfdf876b25a9ece8799df4fa75c23fcd3475c3.sample.exe
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
ae1f419bb8e91810ef9a98c3b5dfdf876b25a9ece8799df4fa75c23fcd3475c3.sample.exe
Resource
win10v20210410
windows10_x64
0 signatures
0 seconds
General
-
Target
ae1f419bb8e91810ef9a98c3b5dfdf876b25a9ece8799df4fa75c23fcd3475c3.sample.exe
-
Size
57KB
-
MD5
1cccdbec21fd05b4500cc78319dffe74
-
SHA1
af272e1d49b05937a1bd393f8e1b484415af0ab6
-
SHA256
ae1f419bb8e91810ef9a98c3b5dfdf876b25a9ece8799df4fa75c23fcd3475c3
-
SHA512
f404c83a44bf47f028eb7a4abf8e0cd79fad3d4e8f5b353353e0bbc2027f7923eb425d66c51e67d78cf27dbac2a77f44abfa640abece95080bd30b50fbfb7bef
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 1748 3368 WerFault.exe ae1f419bb8e91810ef9a98c3b5dfdf876b25a9ece8799df4fa75c23fcd3475c3.sample.exe -
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes:
WerFault.exepid process 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exedescription pid process Token: SeRestorePrivilege 1748 WerFault.exe Token: SeBackupPrivilege 1748 WerFault.exe Token: SeDebugPrivilege 1748 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\ae1f419bb8e91810ef9a98c3b5dfdf876b25a9ece8799df4fa75c23fcd3475c3.sample.exe"C:\Users\Admin\AppData\Local\Temp\ae1f419bb8e91810ef9a98c3b5dfdf876b25a9ece8799df4fa75c23fcd3475c3.sample.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 5202⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3368-114-0x00000000001E0000-0x00000000001E2000-memory.dmpFilesize
8KB