db178a4101dfd5a6cee4518632c8d855270f9b3e83c04d7c75e4d97d378cf842 | Triage

Analysis

max time kernel
119s
max time network
146s
platform
windows10_x64
resource
win10-en-20211208
submitted
24-01-2022 00:54

Sharing

Report Analysis Logs

General

Target

db178a4101dfd5a6cee4518632c8d855270f9b3e83c04d7c75e4d97d378cf842.exe
Size

321KB
MD5

3155e5c1630e44a2b5db0f5017e27fea
SHA1

b5ddd9b21e0dc0f865e29f6e429a5f7e6ece038c
SHA256

db178a4101dfd5a6cee4518632c8d855270f9b3e83c04d7c75e4d97d378cf842
SHA512

22c76c7987fa85b28d962a31a1462d1c948f6f723b1f7c8dab22bc778717ff704f2143f3c3eb8f62a85c50aeeba4e2e895846e427789f9fac710483fed5fd5de

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

816 2760 WerFault.exe db178a4101dfd5a6cee4518632c8d855270f9b3e83c04d7c75e4d97d378cf842.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

WerFault.exe

pid	process
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

WerFault.exe

description pid process

Token: SeRestorePrivilege 816 WerFault.exe
Token: SeBackupPrivilege 816 WerFault.exe
Token: SeDebugPrivilege 816 WerFault.exe

C:\Users\Admin\AppData\Local\Temp\db178a4101dfd5a6cee4518632c8d855270f9b3e83c04d7c75e4d97d378cf842.exe
"C:\Users\Admin\AppData\Local\Temp\db178a4101dfd5a6cee4518632c8d855270f9b3e83c04d7c75e4d97d378cf842.exe"
1⤵
PID:2760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 220
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...