33fd2f2b2053150f21129807c381d38874c7622d207a8d036782db82cc61455b | Triage

Resubmissions

09-12-2021 17:57

211209-wj1dqaeedq 10

06-12-2021 09:45

211206-lrasxsgeh3 3

22-11-2021 13:35

211122-qvrytsfehq 3

Analysis

max time kernel
79s
max time network
124s
platform
windows10_x64
resource
win10-en-20211104
submitted
22-11-2021 13:35

Sharing

Report Analysis Logs

General

Target

2.exe
Size

177KB
MD5

20478d2d2b86e6c8c9da84af39fd652b
SHA1

f9c926efee370218d0d82dd75e703f46355e6018
SHA256

33fd2f2b2053150f21129807c381d38874c7622d207a8d036782db82cc61455b
SHA512

a348e4d5245b6aff3242f02f66415874a6380fa26740ed18ff2e995a87a386acc2e93182066abc3d6e7dc253909ed79099db70209ca38f779adb7fe67c78b613

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2100 2936 WerFault.exe 2.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

WerFault.exe

pid	process
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

WerFault.exe

description pid process

Token: SeDebugPrivilege 2100 WerFault.exe

C:\Users\Admin\AppData\Local\Temp\2.exe
"C:\Users\Admin\AppData\Local\Temp\2.exe"
1⤵
PID:2936

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2936 -s 420
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...