83ac6dd25820e1b6b826c2d52a28bf71506fec4f8320d4f51f3a0cfd739502f3 | Triage

Resubmissions

16-09-2021 19:52

210916-ylfhfaecb8 10

02-08-2021 22:19

210802-12e6dd3jde 3

Analysis

max time kernel
85s
max time network
87s
platform
windows10_x64
resource
win10v20210408
submitted
16-09-2021 19:52

Sharing

Report Analysis Logs

General

Target

daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720.exe
Size

67KB
MD5

e6b0276bc3f541d8ff1ebb1b59c8bd29
SHA1

295de44a0adbef57c51458978ccd71437aff0bf1
SHA256

daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720
SHA512

cdc851b9a7dc396384cbd69353f4e594cb3ac80679abfaa9ebf7bf849bca1b2e2c233c9634239e4aaa4e7f02a2af096733bef1b760ae0e6d660918217cecdcee

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4076	1832	WerFault.exe	67

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
4076	WerFault.exe
4076	WerFault.exe
4076	WerFault.exe
4076	WerFault.exe
4076	WerFault.exe
4076	WerFault.exe
4076	WerFault.exe
4076	WerFault.exe
4076	WerFault.exe
4076	WerFault.exe
4076	WerFault.exe
4076	WerFault.exe
4076	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	4076	WerFault.exe
Token: SeBackupPrivilege	4076	WerFault.exe
Token: SeDebugPrivilege	4076	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720.exe
"C:\Users\Admin\AppData\Local\Temp\daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720.exe"
1⤵
PID:1832
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 276
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads