ec518c3d2b91a2d64ee75f7962c4131c0dbd68ed3b5c94304277baabdab1b335

Analysis

Target

Order 00041221.exe
Size

503KB
MD5

7bfc35c1ab9e7be4e27af84de38e439f
SHA1

5f27b8402d22516e6b7e89527fd1a18bc4c4a727
SHA256

ec518c3d2b91a2d64ee75f7962c4131c0dbd68ed3b5c94304277baabdab1b335
SHA512

1e2b216efb16722bce9bc1939966a54e6951013f1f7943712be2d6c181e8f0544c86be5d10b9470d66bec4e87879d10bd9581f75900457ad9e97e080ad43bef0

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1368 980 WerFault.exe Order 00041221.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

WerFault.exe

pid process

1368 WerFault.exe
1368 WerFault.exe
1368 WerFault.exe
1368 WerFault.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

WerFault.exe

pid process

1368 WerFault.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

WerFault.exe

description pid process

Token: SeDebugPrivilege 1368 WerFault.exe

pid	pid_target	process	target process
1368	980	WerFault.exe	Order 00041221.exe

pid	process
1368	WerFault.exe

description	pid	process
Token: SeDebugPrivilege	1368	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Order 00041221.exe

description	pid	process	target process
PID 980 wrote to memory of 1368	980	Order 00041221.exe	WerFault.exe
PID 980 wrote to memory of 1368	980	Order 00041221.exe	WerFault.exe
PID 980 wrote to memory of 1368	980	Order 00041221.exe	WerFault.exe
PID 980 wrote to memory of 1368	980	Order 00041221.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Order 00041221.exe
"C:\Users\Admin\AppData\Local\Temp\Order 00041221.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:980

memory/980-55-0x00000000010C0000-0x00000000010C1000-memory.dmp

Filesize
4KB

Download
memory/980-57-0x0000000075AB1000-0x0000000075AB3000-memory.dmp

Filesize
8KB

Download
memory/980-58-0x0000000004DA0000-0x0000000004DA1000-memory.dmp

Filesize
4KB

Download
memory/980-59-0x0000000000360000-0x0000000000368000-memory.dmp

Filesize
32KB

Download
memory/980-60-0x0000000004D00000-0x0000000004D69000-memory.dmp

Filesize
420KB

Download
memory/1368-61-0x0000000000000000-mapping.dmp

Download
memory/1368-62-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download