2ee68560ea19925f91153c44e1ffacc2c982162fd00f330a0e40647099911b3b | Triage

Analysis

max time kernel
122s
max time network
131s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 17:23

Sharing

Report Analysis Logs

General

Target

a26e215a307069487644e70164a0cd8d69b40b0c.exe
Size

157KB
MD5

b6f6a416704bcf744096648bb11f829f
SHA1

a26e215a307069487644e70164a0cd8d69b40b0c
SHA256

9a289ae036b2fdac5cf0873095a3578cedc5323d27a9995a9651a5388bcd76f9
SHA512

ed26c1fe5bc0874a4ff7f57f25cc0b3e5cc39162002f53b401c510bdb8fd70c96978c95ae8d364f71af23a92eb40fa97219bd057c9741e529df234b897b871eb

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

660 2784 WerFault.exe a26e215a307069487644e70164a0cd8d69b40b0c.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

WerFault.exe

pid	process
660	WerFault.exe
660	WerFault.exe
660	WerFault.exe
660	WerFault.exe
660	WerFault.exe
660	WerFault.exe
660	WerFault.exe
660	WerFault.exe
660	WerFault.exe
660	WerFault.exe
660	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

WerFault.exe

description pid process

Token: SeRestorePrivilege 660 WerFault.exe
Token: SeBackupPrivilege 660 WerFault.exe
Token: SeDebugPrivilege 660 WerFault.exe

C:\Users\Admin\AppData\Local\Temp\a26e215a307069487644e70164a0cd8d69b40b0c.exe
"C:\Users\Admin\AppData\Local\Temp\a26e215a307069487644e70164a0cd8d69b40b0c.exe"
1⤵
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 232
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:660

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...