e9b24041847844a5d57b033bf0b41dc637eba7664acfb43da5db635ae920a1b4 | Triage

Analysis

max time kernel
49s
max time network
160s
platform
windows10_x64
resource
win10v20210408
submitted
10-09-2021 19:02

Sharing

Report Analysis Logs

General

Target

e9b24041847844a5d57b033bf0b41dc637eba7664acfb43da5db635ae920a1b4.exe
Size

79KB
MD5

936593e1ba2e1fefc78389ed40ab9d9a
SHA1

dce566c765b39bca870e374c7f973b432a633fb3
SHA256

e9b24041847844a5d57b033bf0b41dc637eba7664acfb43da5db635ae920a1b4
SHA512

21d3f5f00be88041ee4839a776ed8e7428bcb1e8172d4c4f9af2a7b782c3f89fc4dd57402dbf77d24664b8a99d2d330dc8b231d9d7037564bbc9276c49633017

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3984	584	WerFault.exe	67

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3984	WerFault.exe
3984	WerFault.exe
3984	WerFault.exe
3984	WerFault.exe
3984	WerFault.exe
3984	WerFault.exe
3984	WerFault.exe
3984	WerFault.exe
3984	WerFault.exe
3984	WerFault.exe
3984	WerFault.exe
3984	WerFault.exe
3984	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	3984	WerFault.exe
Token: SeBackupPrivilege	3984	WerFault.exe
Token: SeDebugPrivilege	3984	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\e9b24041847844a5d57b033bf0b41dc637eba7664acfb43da5db635ae920a1b4.exe
"C:\Users\Admin\AppData\Local\Temp\e9b24041847844a5d57b033bf0b41dc637eba7664acfb43da5db635ae920a1b4.exe"
1⤵
PID:584
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 272
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads