84b87be120ec7d63af6e791e1642c63d4d83c09a1726f3b036c19547ccbef6be

Resubmissions

12-05-2021 09:09

12-07-2020 13:12

Target

test_00690000.bin.dll
Size

204KB
MD5

82401a076fce0af2b913f8c904d8c9e3
SHA1

eadfb9becbe7b2e8dc9aaf1f09aac0276df4b2ec
SHA256

84b87be120ec7d63af6e791e1642c63d4d83c09a1726f3b036c19547ccbef6be
SHA512

8f53fc66a4413295e9b47878b8d4706d6115d308d91b2728656791e7c2ed38df29552dda5cd2537d71f81d17f3ba470e271a24e99d6b8ca8892a22daa3335bbe

Score

10^/10

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 1300	1196	rundll32.exe	24
PID 1196 wrote to memory of 1300	1196	rundll32.exe	24
PID 1196 wrote to memory of 1300	1196	rundll32.exe	24
PID 1196 wrote to memory of 1300	1196	rundll32.exe	24
PID 1196 wrote to memory of 1300	1196	rundll32.exe	24
PID 1196 wrote to memory of 1300	1196	rundll32.exe	24
PID 1196 wrote to memory of 1300	1196	rundll32.exe	24
PID 1300 wrote to memory of 836	1300	rundll32.exe	25
PID 1300 wrote to memory of 836	1300	rundll32.exe	25
PID 1300 wrote to memory of 836	1300	rundll32.exe	25
PID 1300 wrote to memory of 836	1300	rundll32.exe	25

Program crash 1 IoCs

pid	pid_target	Process	procid_target
836	1300	WerFault.exe	24

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	836	WerFault.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
836	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\test_00690000.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\test_00690000.bin.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1300
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 232
    3⤵
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    PID:836

memory/836-2-0x0000000001D60000-0x0000000001D71000-memory.dmp

Filesize
68KB

Download
memory/836-4-0x00000000024B0000-0x00000000024C1000-memory.dmp

Filesize
68KB

Download