Analysis
-
max time kernel
87s
-
max time network
122s
-
platform
windows10_x64
-
resource
win10-en-20211208
-
submitted
28-12-2021 19:07
Static task
static1
Behavioral task
behavioral1
Sample
110526d2882da3d46aa3d7023b00f41e.exe
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
110526d2882da3d46aa3d7023b00f41e.exe
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
-
Target
110526d2882da3d46aa3d7023b00f41e.exe
-
Size
3.4MB
-
MD5
110526d2882da3d46aa3d7023b00f41e
-
SHA1
250a483cead19e65bc11d215d48289dff51241b0
-
SHA256
772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444
-
SHA512
46b4bd385342adcbbf52037d8c6b68609aed852dafde949022715f40f18af30f31497f30f49cdc1d0d9cb98a569d8b93079288b0b1926414413a0c20074ad6c6
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid: 2264
pid_target: 3876
process: WerFault.exe
target process: 110526d2882da3d46aa3d7023b00f41e.exe
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
WerFault.exe
pid: 2264
process: WerFault.exe
(the same row appears 12 times)
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exe
description: Token: SeRestorePrivilege, pid: 2264, process: WerFault.exe
description: Token: SeBackupPrivilege, pid: 2264, process: WerFault.exe
description: Token: SeDebugPrivilege, pid: 2264, process: WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\110526d2882da3d46aa3d7023b00f41e.exe
"C:\Users\Admin\AppData\Local\Temp\110526d2882da3d46aa3d7023b00f41e.exe"
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 404
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
-
memory/3876-115-0x0000000002770000-0x00000000027D0000-memory.dmp
Filesize
384KB