metasploit | e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214

General

Target

e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Size

4.3MB
MD5

a0a79eb170e37c5e4cb7e969651725e9
SHA1

8da476876060690ad4fc24bc0e4f4d1222f1f2f9
SHA256

e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214
SHA512

4becc8274e83c7e9ea4ed661c7b186ab680fdd3ebeee6746c8ac13b323d9b592219018379bddab9a99b1e9862fbf77c7cdf9d9388c978879e5ee2ae543fba056

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4548 4420 WerFault.exe e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe

pid	pid_target	process	target process
4548	4420	WerFault.exe	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-142 = "Canada Central Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1872 = "Russia TZ 7 Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1911 = "Russia TZ 10 Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-122 = "SA Pacific Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-11 = "Azores Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2612 = "Bougainville Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-152 = "Central America Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2532 = "Chatham Islands Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-41 = "E. South America Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-342 = "Egypt Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1801 = "Line Islands Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2062 = "North Korea Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-12 = "Azores Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1411 = "Syria Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1472 = "Magadan Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2572 = "Turks and Caicos Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-652 = "AUS Central Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-384 = "Namibia Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-131 = "US Eastern Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-52 = "Greenland Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-51 = "Greenland Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2452 = "Saint Pierre Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-602 = "Taipei Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1042 = "Ulaanbaatar Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-201 = "US Mountain Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-82 = "Atlantic Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-532 = "Sri Lanka Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-282 = "Central Europe Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2341 = "Haiti Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-892 = "Morocco Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1932 = "Russia TZ 11 Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-591 = "Malay Peninsula Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1662 = "Bahia Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2531 = "Chatham Islands Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2041 = "Eastern Daylight Time (Mexico)"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-832 = "SA Eastern Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-291 = "Central European Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1021 = "Bangladesh Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-511 = "Central Asia Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-791 = "SA Western Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-402 = "Arabic Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-571 = "China Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-262 = "GMT Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-912 = "Mauritius Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-391 = "Arab Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2391 = "Aleutian Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-461 = "Afghanistan Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2631 = "Norfolk Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1862 = "Russia TZ 6 Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1861 = "Russia TZ 6 Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-231 = "Hawaiian Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-448 = "Azerbaijan Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-351 = "FLE Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-261 = "GMT Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1891 = "Russia TZ 3 Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2161 = "Altai Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2181 = "Astrakhan Daylight Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-365 = "Middle East Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-385 = "Namibia Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-215 = "Pacific Standard Time (Mexico)"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-462 = "Afghanistan Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-732 = "Fiji Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-362 = "GTB Standard Time"	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe

pid	process
3464	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
3464	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe

description	pid	process
Token: SeDebugPrivilege	3464	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
Token: SeImpersonatePrivilege	3464	e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe

C:\Users\Admin\AppData\Local\Temp\e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
"C:\Users\Admin\AppData\Local\Temp\e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3464

C:\Users\Admin\AppData\Local\Temp\e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe
"C:\Users\Admin\AppData\Local\Temp\e7ba4b1bbb32424b3f53e70509bfd13c74e73381e5349458a8c50b2d617d7214.exe"
2⤵
- Modifies data under HKEY_USERS
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 768
3⤵
- Program crash
PID:4548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3464-118-0x0000000003E32000-0x0000000004241000-memory.dmp

Filesize
4.1MB

Download
memory/3464-119-0x0000000004250000-0x0000000004AF2000-memory.dmp

Filesize
8.6MB

Download
memory/3464-120-0x0000000000400000-0x0000000001FFF000-memory.dmp

Filesize
28.0MB

Download
memory/4420-121-0x0000000003DC7000-0x00000000041D6000-memory.dmp

Filesize
4.1MB

Download
memory/4420-122-0x0000000000400000-0x0000000001FFF000-memory.dmp

Filesize
28.0MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads