c8da163b0c84637e8e40fb15add10d77ef3853af773f88bec56ff5a03c40e5ad | Triage

Analysis

max time kernel
168s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20220331-en
submitted
12-04-2022 07:38

Sharing

Report Analysis Logs

General

Target

bcaaf37e0beb6717d01b175e6bc78c44.exe
Size

3.8MB
MD5

bcaaf37e0beb6717d01b175e6bc78c44
SHA1

6ed8bd63cca483dd9e8bd742fd79d76bc87beccc
SHA256

c8da163b0c84637e8e40fb15add10d77ef3853af773f88bec56ff5a03c40e5ad
SHA512

481fd0295bb83951efac8b6c67d94ef5bee0255258855f16b103f6b846813f27ef697cddde12b3fc5b2b956de94cdb6dbba10a525fa617c6ef91180f0b690b9f

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4140	564	WerFault.exe	81

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	564	bcaaf37e0beb6717d01b175e6bc78c44.exe

C:\Users\Admin\AppData\Local\Temp\bcaaf37e0beb6717d01b175e6bc78c44.exe
"C:\Users\Admin\AppData\Local\Temp\bcaaf37e0beb6717d01b175e6bc78c44.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:564
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 564 -s 1360
  2⤵
  - Program crash
  PID:4140

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 424 -p 564 -ip 564
1⤵
PID:2028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/564-124-0x00000171FEB90000-0x00000171FEBF2000-memory.dmp

Filesize
392KB

Download
memory/564-125-0x00007FFA4A780000-0x00007FFA4B241000-memory.dmp

Filesize
10.8MB

Download
memory/564-126-0x0000017199EA0000-0x0000017199EA2000-memory.dmp

Filesize
8KB

Download