Resubmissions

16-09-2021 19:52

210916-ylfhfaecb8 10

02-08-2021 22:19

210802-12e6dd3jde 3

Analysis

  • max time kernel
    85s
  • max time network
    87s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    16-09-2021 19:52

General

  • Target

    daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720.exe

  • Size

    67KB

  • MD5

    e6b0276bc3f541d8ff1ebb1b59c8bd29

  • SHA1

    295de44a0adbef57c51458978ccd71437aff0bf1

  • SHA256

    daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720

  • SHA512

    cdc851b9a7dc396384cbd69353f4e594cb3ac80679abfaa9ebf7bf849bca1b2e2c233c9634239e4aaa4e7f02a2af096733bef1b760ae0e6d660918217cecdcee

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720.exe
    "C:\Users\Admin\AppData\Local\Temp\daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720.exe"
    1⤵
      PID:1832
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 276
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4076

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads