f0c574ed9c151485cad8d4f4b69ba73530e13c6886038340c6effa15ff93abeb | Triage

Analysis

max time kernel
99s
max time network
103s
platform
windows10_x64
resource
win10v20210408
submitted
15/09/2021, 08:47

Sharing

Report Analysis Logs

General

Target

e1a7ddbf735d5c1cb9097d7614840c00e5c4d5107fa687c0ab2a2ec8948ef84e.exe
Size

2.2MB
MD5

9e609932c59d043565c5d3e5260f571b
SHA1

eaa2e1e2cb6c7b6ec405ffdf204999853ebbd54a
SHA256

e1a7ddbf735d5c1cb9097d7614840c00e5c4d5107fa687c0ab2a2ec8948ef84e
SHA512

34bd135dedd0c55d4fe337966dca8f6b02bda33f7aa67faf2bfd8685ffbb59be946524bfe62ae86fee4d2bbcb771844d29301294719ab3c24071c650dd001e66

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
996	652	WerFault.exe	67

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
996	WerFault.exe
996	WerFault.exe
996	WerFault.exe
996	WerFault.exe
996	WerFault.exe
996	WerFault.exe
996	WerFault.exe
996	WerFault.exe
996	WerFault.exe
996	WerFault.exe
996	WerFault.exe
996	WerFault.exe
996	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	996	WerFault.exe
Token: SeBackupPrivilege	996	WerFault.exe
Token: SeDebugPrivilege	996	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\e1a7ddbf735d5c1cb9097d7614840c00e5c4d5107fa687c0ab2a2ec8948ef84e.exe
"C:\Users\Admin\AppData\Local\Temp\e1a7ddbf735d5c1cb9097d7614840c00e5c4d5107fa687c0ab2a2ec8948ef84e.exe"
1⤵
PID:652
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 224
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads