Analysis
- max time kernel: 122s
- max time network: 122s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 13-01-2022 18:00
Static task: static1
Behavioral task: behavioral1
- Sample: 780fd4b0a5fde771e1997ce53896cb9f.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: 780fd4b0a5fde771e1997ce53896cb9f.exe
- Resource: win10-en-20211208
General
- Target: 780fd4b0a5fde771e1997ce53896cb9f.exe
- Size: 115KB
- MD5: 780fd4b0a5fde771e1997ce53896cb9f
- SHA1: 620c2e4b60d2f902933ff6a20042f71b53833e10
- SHA256: a6d0e2abcc93742839c48666cfee33a4647b42863c7a3304691eed1fc5e854fb
- SHA512: f5b3434abe7fbe02be993904b572c08b7c7e5963f8fec8fc4dfbc027c76bd21a9c7188b4a5fdda269d77c36c7fee37465251b490f09fe6fc303577bb6cae0f4d
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes:
  pid   pid_target   process        target process
  4040  1192         WerFault.exe   780fd4b0a5fde771e1997ce53896cb9f.exe
- Suspicious behavior: EnumeratesProcesses (12 IoCs)
  Processes:
  pid   process
  4040  WerFault.exe (12 occurrences)
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  Processes:
  description                 pid   process
  Token: SeDebugPrivilege     1192  780fd4b0a5fde771e1997ce53896cb9f.exe
  Token: SeRestorePrivilege   4040  WerFault.exe
  Token: SeBackupPrivilege    4040  WerFault.exe
  Token: SeDebugPrivilege     4040  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\780fd4b0a5fde771e1997ce53896cb9f.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\780fd4b0a5fde771e1997ce53896cb9f.exe"
  - Suspicious use of AdjustPrivilegeToken
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 2000
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- memory/1192-115-0x00000000008A0000-0x00000000008C2000-memory.dmp (Filesize: 136KB)
- memory/1192-116-0x00000000008A0000-0x00000000008C2000-memory.dmp (Filesize: 136KB)
- memory/1192-117-0x00000000056C0000-0x0000000005BBE000-memory.dmp (Filesize: 4MB)
- memory/1192-118-0x0000000002C30000-0x0000000002C31000-memory.dmp (Filesize: 4KB)