Analysis
-
max time kernel
20s -
max time network
26s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
19-08-2021 01:18
General
-
Target
magnibar_0e9cb980e176c55c4694f8cb8b4fad949926887ec9e8ba209058bf22f2b359d6.exe
-
Size
21KB
-
MD5
24d60185a9e294a60c03b90fe731a04a
-
SHA1
c46b6a52efe81e02da8084f197efce7cb482f897
-
SHA256
0e9cb980e176c55c4694f8cb8b4fad949926887ec9e8ba209058bf22f2b359d6
-
SHA512
4419eaf48a932c9139c891ee36f51c8a7087357b2de56378a2c3399d8635f90460b30e16dc2b11db704a5f2e702fd116f292f723856b0fca008861eef8302674
Score
10/10
Malware Config
Signatures
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\magnibar_0e9cb980e176c55c4694f8cb8b4fad949926887ec9e8ba209058bf22f2b359d6.exe"C:\Users\Admin\AppData\Local\Temp\magnibar_0e9cb980e176c55c4694f8cb8b4fad949926887ec9e8ba209058bf22f2b359d6.exe"1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3284 -s 1322⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-