83ac6dd25820e1b6b826c2d52a28bf71506fec4f8320d4f51f3a0cfd739502f3 | Triage

Resubmissions

16-09-2021 19:52

210916-ylfhfaecb8 10

02-08-2021 22:19

210802-12e6dd3jde 3

Analysis

max time kernel
12s
max time network
125s
platform
windows10_x64
resource
win10v20210410
submitted
02-08-2021 22:19

Sharing

Report Analysis Logs

General

Target

daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720.exe
Size

67KB
MD5

e6b0276bc3f541d8ff1ebb1b59c8bd29
SHA1

295de44a0adbef57c51458978ccd71437aff0bf1
SHA256

daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720
SHA512

cdc851b9a7dc396384cbd69353f4e594cb3ac80679abfaa9ebf7bf849bca1b2e2c233c9634239e4aaa4e7f02a2af096733bef1b760ae0e6d660918217cecdcee

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3480	3724	WerFault.exe	47

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3480	WerFault.exe
3480	WerFault.exe
3480	WerFault.exe
3480	WerFault.exe
3480	WerFault.exe
3480	WerFault.exe
3480	WerFault.exe
3480	WerFault.exe
3480	WerFault.exe
3480	WerFault.exe
3480	WerFault.exe
3480	WerFault.exe
3480	WerFault.exe
3480	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	3480	WerFault.exe
Token: SeBackupPrivilege	3480	WerFault.exe
Token: SeDebugPrivilege	3480	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720.exe
"C:\Users\Admin\AppData\Local\Temp\daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720.exe"
1⤵
PID:3724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 268
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads