7e615d6e77cac47e870af31dedd5e54deb422f65711e4bb09d7186a9efb2cf0f | Triage

Analysis

max time kernel
1325s
max time network
1160s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
07/12/2023, 15:25

Sharing

Report Analysis Logs

General

Target

cryptowall.exe
Size

240KB
MD5

47363b94cee907e2b8926c1be61150c7
SHA1

ca963033b9a285b8cd0044df38146a932c838071
SHA256

45317968759d3e37282ceb75149f627d648534c5b4685f6da3966d8f6fca662d
SHA512

93dfaafc183360829448887a112dd49c90ec5fe50dcd7c7bbc06c1c8daa206eeea5577f726d906446322c731d0520e93700d5ff9cefd730fba347c72b7325068
SSDEEP

3072:xkeyloECBch6ZCGBGSmHJ0y5lj6jdojK7+MGOXpXx8z3Lp7Yoq:xGlnCIwMpj6ijKfxx8z3F0V

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1416	1956	WerFault.exe	85

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1956	cryptowall.exe
Token: SeIncBasePriorityPrivilege	1956	cryptowall.exe

C:\Users\Admin\AppData\Local\Temp\cryptowall.exe
"C:\Users\Admin\AppData\Local\Temp\cryptowall.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1956
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 472
  2⤵
  - Program crash
  PID:1416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1956 -ip 1956
1⤵
PID:1392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads