e1a7ddbf735d5c1cb9097d7614840c00e5c4d5107fa687c0ab2a2ec8948ef84e | Triage

Analysis

max time kernel
12s
max time network
124s
platform
windows10_x64
resource
win10v20210410
submitted
30-07-2021 09:56

Sharing

Report Analysis Logs

General

Target

e1a7ddbf735d5c1cb9097d7614840c00e5c4d5107fa687c0ab2a2ec8948ef84e.exe
Size

2.2MB
MD5

9e609932c59d043565c5d3e5260f571b
SHA1

eaa2e1e2cb6c7b6ec405ffdf204999853ebbd54a
SHA256

e1a7ddbf735d5c1cb9097d7614840c00e5c4d5107fa687c0ab2a2ec8948ef84e
SHA512

34bd135dedd0c55d4fe337966dca8f6b02bda33f7aa67faf2bfd8685ffbb59be946524bfe62ae86fee4d2bbcb771844d29301294719ab3c24071c650dd001e66

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4724	4444	WerFault.exe	68

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	4724	WerFault.exe
Token: SeBackupPrivilege	4724	WerFault.exe
Token: SeDebugPrivilege	4724	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\e1a7ddbf735d5c1cb9097d7614840c00e5c4d5107fa687c0ab2a2ec8948ef84e.exe
"C:\Users\Admin\AppData\Local\Temp\e1a7ddbf735d5c1cb9097d7614840c00e5c4d5107fa687c0ab2a2ec8948ef84e.exe"
1⤵
PID:4444
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 180
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads