0e9cb980e176c55c4694f8cb8b4fad949926887ec9e8ba209058bf22f2b359d6

Resubmissions

19-08-2021 01:18

22-07-2021 19:23

Target

magnibar_0e9cb980e176c55c4694f8cb8b4fad949926887ec9e8ba209058bf22f2b359d6.exe
Size

21KB
MD5

24d60185a9e294a60c03b90fe731a04a
SHA1

c46b6a52efe81e02da8084f197efce7cb482f897
SHA256

0e9cb980e176c55c4694f8cb8b4fad949926887ec9e8ba209058bf22f2b359d6
SHA512

4419eaf48a932c9139c891ee36f51c8a7087357b2de56378a2c3399d8635f90460b30e16dc2b11db704a5f2e702fd116f292f723856b0fca008861eef8302674

Score

10^/10

Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 1292 created 3284	1292	WerFault.exe	59

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1292	3284	WerFault.exe	59

Suspicious behavior: EnumeratesProcesses 14 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1292	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\magnibar_0e9cb980e176c55c4694f8cb8b4fad949926887ec9e8ba209058bf22f2b359d6.exe
"C:\Users\Admin\AppData\Local\Temp\magnibar_0e9cb980e176c55c4694f8cb8b4fad949926887ec9e8ba209058bf22f2b359d6.exe"
1⤵
PID:3284
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3284 -s 132
  2⤵
  - Suspicious use of NtCreateProcessExOtherParentProcess
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1292