Overview

overview

10

Static

static

10

5a1c.exe

windows7_x64

1

5a1c.exe

windows10_x64

10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    22-10-2021 11:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5a1c.exe

  • Size

    108KB

  • MD5

    040917312e63d02ed23c69d85178b3e9

  • SHA1

    cbea11e1b28df2e6a11234f53c953da4e8902063

  • SHA256

    5a1c40dee899e7427ea54f9208b2ef97d36c44967cb0bf3451150ee40deb7901

  • SHA512

    686ba85b1483827edf16b6ac72c21b774b5fb347558c0de7d487701fd26adc9d862bac9e6ce6de85eea122463c7377ea62943a27044073e6e180a31099b30fea

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a1c.exe
    "C:\Users\Admin\AppData\Local\Temp\5a1c.exe"
    1⤵
      PID:2716
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 2716 -s 1020
        2⤵
        • Suspicious use of NtCreateProcessExOtherParentProcess
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2888

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2716-115-0x0000000000BF0000-0x0000000000BF1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2716-117-0x0000000001300000-0x0000000001302000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2716-118-0x000000001B7C0000-0x000000001B7C2000-memory.dmp
      Filesize

      8KB

      Download