e1a7ddbf735d5c1cb9097d7614840c00e5c4d5107fa687c0ab2a2ec8948ef84e | Triage

Analysis

max time kernel
12s
max time network
124s
platform
windows10_x64
resource
win10v20210410
submitted
30-07-2021 09:56

Sharing

Report Analysis Logs

General

Target

e1a7ddbf735d5c1cb9097d7614840c00e5c4d5107fa687c0ab2a2ec8948ef84e.exe
Size

2.2MB
MD5

9e609932c59d043565c5d3e5260f571b
SHA1

eaa2e1e2cb6c7b6ec405ffdf204999853ebbd54a
SHA256

e1a7ddbf735d5c1cb9097d7614840c00e5c4d5107fa687c0ab2a2ec8948ef84e
SHA512

34bd135dedd0c55d4fe337966dca8f6b02bda33f7aa67faf2bfd8685ffbb59be946524bfe62ae86fee4d2bbcb771844d29301294719ab3c24071c650dd001e66

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4724 4444 WerFault.exe e1a7ddbf735d5c1cb9097d7614840c00e5c4d5107fa687c0ab2a2ec8948ef84e.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

WerFault.exe

pid	process
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe
4724	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

WerFault.exe

description pid process

Token: SeRestorePrivilege 4724 WerFault.exe
Token: SeBackupPrivilege 4724 WerFault.exe
Token: SeDebugPrivilege 4724 WerFault.exe

C:\Users\Admin\AppData\Local\Temp\e1a7ddbf735d5c1cb9097d7614840c00e5c4d5107fa687c0ab2a2ec8948ef84e.exe
"C:\Users\Admin\AppData\Local\Temp\e1a7ddbf735d5c1cb9097d7614840c00e5c4d5107fa687c0ab2a2ec8948ef84e.exe"
1⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 180
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4724

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...