Analysis
- max time kernel: 81s
- max time network: 152s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 29-09-2021 18:05
Static task: static1
Behavioral task: behavioral1
- Sample: Ordinazione d'acquisto.exe
- Resource: win7-en-20210920 (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: Ordinazione d'acquisto.exe
- Resource: win10v20210408 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: Ordinazione d'acquisto.exe
- Size: 243KB
- MD5: 286597866ff97e04ae9360022a28b711
- SHA1: 13131a0f720f6f0252f4b0dbc3bf4ff47588bf40
- SHA256: abd3cca5a11651cd3570b0f40ad43541e31b3dcb5af6bb18f2944c34c1d4a808
- SHA512: 54d7e501439c1b577f26355ab0066b55568b92248b72fa8fcf8a8a9e74ca4a9c0e07dc9ae3baa8c9163e5749a0da7bc8fb6ec168305df83f78ccd920cc18e69a
- Score: 10/10
Malware Config
Signatures
- Suspicious use of NtCreateProcessExOtherParentProcess (1 IoC)
  Processes (description / pid / process / target process):
    PID 644 created 4060 / 644 / WerFault.exe / Ordinazione d'acquisto.exe
- Program crash (1 IoC)
  Processes (pid / pid_target / process / target process):
    644 / 4060 / WerFault.exe / Ordinazione d'acquisto.exe
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  Processes (pid / process):
    644 / WerFault.exe (13 identical entries)
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes (description / pid / process):
    Token: SeRestorePrivilege / 644 / WerFault.exe
    Token: SeBackupPrivilege / 644 / WerFault.exe
    Token: SeDebugPrivilege / 644 / WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Ordinazione d'acquisto.exe (PID 4060)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Ordinazione d'acquisto.exe"
  - C:\Windows\SysWOW64\WerFault.exe (PID 644)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 240
    - Suspicious use of NtCreateProcessExOtherParentProcess
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- memory/4060-114-0x0000000000450000-0x000000000059A000-memory.dmp (Filesize: 1.3MB)