Analysis
-
max time kernel
116s -
max time network
152s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
21-09-2021 09:20
Static task
static1
Behavioral task
behavioral1
Sample
adobe1_04360000_unpacked.exe
Resource
win7-en-20210920
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
adobe1_04360000_unpacked.exe
Resource
win10-en-20210920
windows10_x64
0 signatures
0 seconds
General
-
Target
adobe1_04360000_unpacked.exe
-
Size
660KB
-
MD5
923a849bd0e4dcea6ee5c4eeabecffec
-
SHA1
6cbdee32471fe4909067093352e7412358c7bd80
-
SHA256
664c3a7e8d4c5316a116a2c00595fb66e338012898b09d44218ae8374477fab8
-
SHA512
61caf1852fa61378a69df1b1d7bd3684f39d3d2c28f12700f2b3481dca312cbc4c3f80787e57184b47b8e10f77ff4cac081c7b86d2e4853705c8ec4c05cd1527
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2744 2468 WerFault.exe adobe1_04360000_unpacked.exe -
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes:
WerFault.exepid process 2744 WerFault.exe 2744 WerFault.exe 2744 WerFault.exe 2744 WerFault.exe 2744 WerFault.exe 2744 WerFault.exe 2744 WerFault.exe 2744 WerFault.exe 2744 WerFault.exe 2744 WerFault.exe 2744 WerFault.exe 2744 WerFault.exe 2744 WerFault.exe 2744 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exedescription pid process Token: SeRestorePrivilege 2744 WerFault.exe Token: SeBackupPrivilege 2744 WerFault.exe Token: SeDebugPrivilege 2744 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\adobe1_04360000_unpacked.exe"C:\Users\Admin\AppData\Local\Temp\adobe1_04360000_unpacked.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 5802⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2468-115-0x0000000013140000-0x000000001338A000-memory.dmpFilesize
2.3MB