84b87be120ec7d63af6e791e1642c63d4d83c09a1726f3b036c19547ccbef6be

Resubmissions

12/05/2021, 09:09

12/07/2020, 13:12

Target

test_00690000.bin.dll
Size

204KB
MD5

82401a076fce0af2b913f8c904d8c9e3
SHA1

eadfb9becbe7b2e8dc9aaf1f09aac0276df4b2ec
SHA256

84b87be120ec7d63af6e791e1642c63d4d83c09a1726f3b036c19547ccbef6be
SHA512

8f53fc66a4413295e9b47878b8d4706d6115d308d91b2728656791e7c2ed38df29552dda5cd2537d71f81d17f3ba470e271a24e99d6b8ca8892a22daa3335bbe

Score

10^/10

Suspicious use of AdjustPrivilegeToken 3 IoCs

Suspicious behavior: EnumeratesProcesses 13 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3944 wrote to memory of 3640	3944	rundll32.exe	66
PID 3944 wrote to memory of 3640	3944	rundll32.exe	66
PID 3944 wrote to memory of 3640	3944	rundll32.exe	66

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3728	3640	WerFault.exe	66

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\test_00690000.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3944
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\test_00690000.bin.dll,#1
  2⤵
  PID:3640
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 636
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses
    - Program crash
    PID:3728

memory/3728-1-0x00000000043E0000-0x00000000043E1000-memory.dmp

Filesize
4KB

Download
memory/3728-5-0x0000000004A90000-0x0000000004A91000-memory.dmp

Filesize
4KB

Download