Analysis
-
max time kernel
118s -
max time network
130s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
19-11-2021 17:35
General
-
Target
Sample_5a2ea1b1c301d804e6dd924f.bin.exe
-
Size
81KB
-
MD5
645d25f0d9f89b7b8a48b078e84501b7
-
SHA1
7ffd6f6416e103591ff6ead7532843afd698e103
-
SHA256
c01657ae6e2f1fd94f247fbfc7dee9c701db142db2a3813c93ede6c633dd8029
-
SHA512
5334a34422ce4bb42332337d33e3193c2313907df2e265607fe25d9b7a0fc78dc252173494cb17347bbe499993bda7ff872912ba88ef693a13e5aaae7e1943ac
Score
10/10
Malware Config
Signatures
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Program crash 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 25 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Sample_5a2ea1b1c301d804e6dd924f.bin.exe"C:\Users\Admin\AppData\Local\Temp\Sample_5a2ea1b1c301d804e6dd924f.bin.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 12802⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 11922⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3384-115-0x00000000006A0000-0x00000000006A1000-memory.dmpFilesize
4KB
-
memory/3384-117-0x0000000005440000-0x0000000005441000-memory.dmpFilesize
4KB
-
memory/3384-118-0x0000000004FE0000-0x0000000004FE1000-memory.dmpFilesize
4KB
-
memory/3384-119-0x0000000004F40000-0x000000000543E000-memory.dmpFilesize
5.0MB
-
memory/3384-120-0x0000000002AA0000-0x0000000002AA1000-memory.dmpFilesize
4KB
-
memory/3384-121-0x0000000008D40000-0x0000000008D41000-memory.dmpFilesize
4KB