7a73032ece59af3316c4a64490344ee111e4cb06aaf00b4a96c10adfdd655599 | Triage

Analysis

max time kernel
12s
max time network
135s
platform
windows10_x64
resource
win10v20210410
submitted
26-07-2021 12:59

Sharing

Report Analysis Logs

General

Target

7a73032ece59af3316c4a64490344ee111e4cb06aaf00b4a96c10adfdd655599.sample.exe
Size

65KB
MD5

26c35850483c877ee23f476b38d58deb
SHA1

0d339d08a546591aab246f3cf799f3e2aaee3889
SHA256

7a73032ece59af3316c4a64490344ee111e4cb06aaf00b4a96c10adfdd655599
SHA512

046e7e05bac2d5c8d84b2f9db7c187e1588dcfe53813ebe949abdabe80de3e784342e06cfc969f1bf4e90575ae163406012bfe24bcc2f7cbd722b4c3639c59a2

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
2764	748	WerFault.exe	66

Suspicious behavior: EnumeratesProcesses 15 IoCs

Processes:

WerFault.exe

pid	Process
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

WerFault.exe

description	pid	Process
Token: SeRestorePrivilege	2764	WerFault.exe
Token: SeBackupPrivilege	2764	WerFault.exe
Token: SeDebugPrivilege	2764	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\7a73032ece59af3316c4a64490344ee111e4cb06aaf00b4a96c10adfdd655599.sample.exe
"C:\Users\Admin\AppData\Local\Temp\7a73032ece59af3316c4a64490344ee111e4cb06aaf00b4a96c10adfdd655599.sample.exe"
1⤵
PID:748
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 492
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads