e9b24041847844a5d57b033bf0b41dc637eba7664acfb43da5db635ae920a1b4 | Triage

Analysis

max time kernel
149s
max time network
152s
platform
windows10_x64
resource
win10-en-20210920
submitted
05/10/2021, 10:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e9b24041847844a5d57b033bf0b41dc637eba7664acfb43da5db635ae920a1b4.exe
Size

79KB
MD5

936593e1ba2e1fefc78389ed40ab9d9a
SHA1

dce566c765b39bca870e374c7f973b432a633fb3
SHA256

e9b24041847844a5d57b033bf0b41dc637eba7664acfb43da5db635ae920a1b4
SHA512

21d3f5f00be88041ee4839a776ed8e7428bcb1e8172d4c4f9af2a7b782c3f89fc4dd57402dbf77d24664b8a99d2d330dc8b231d9d7037564bbc9276c49633017

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2364	2016	WerFault.exe	69

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2364	WerFault.exe
2364	WerFault.exe
2364	WerFault.exe
2364	WerFault.exe
2364	WerFault.exe
2364	WerFault.exe
2364	WerFault.exe
2364	WerFault.exe
2364	WerFault.exe
2364	WerFault.exe
2364	WerFault.exe
2364	WerFault.exe
2364	WerFault.exe
2364	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	2364	WerFault.exe
Token: SeBackupPrivilege	2364	WerFault.exe
Token: SeDebugPrivilege	2364	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\e9b24041847844a5d57b033bf0b41dc637eba7664acfb43da5db635ae920a1b4.exe
"C:\Users\Admin\AppData\Local\Temp\e9b24041847844a5d57b033bf0b41dc637eba7664acfb43da5db635ae920a1b4.exe"
1⤵
PID:2016
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 268
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads