Analysis
max time kernel: 3s
max time network: 8s
platform: windows7_x64
resource: win7v20201028
submitted: 11-11-2020 11:11
Static task: static1
Behavioral task: behavioral1
Sample: 0b7a0dee5961536b4ffabb9bac761478223e2c7a79e98c866139af60adf9e79b.dll
Resource: win7v20201028 (windows7_x64)
0 signatures, 0 seconds
Behavioral task: behavioral2
Sample: 0b7a0dee5961536b4ffabb9bac761478223e2c7a79e98c866139af60adf9e79b.dll
Resource: win10v20201028 (windows10_x64)
0 signatures, 0 seconds
General
Target: 0b7a0dee5961536b4ffabb9bac761478223e2c7a79e98c866139af60adf9e79b.dll
Size: 304KB
MD5: 10c6b6a828f631799993e66485823fb2
SHA1: 68bdf62e533bce4eb2ebc863d03895b090dc09f4
SHA256: 0b7a0dee5961536b4ffabb9bac761478223e2c7a79e98c866139af60adf9e79b
SHA512: ae099300aacd6f6109c0d6224b500a9f3dabe4aad3db30b1f71988fa3223163e50fd0b0655bd0f69c79494c09c7e1af3ed60d35a6a61c9434fd054b7014c2faf
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes:
pid | pid_target | process | target process
1472 | 1900 | WerFault.exe | rundll32.exe

Suspicious behavior: EnumeratesProcesses (5 IoCs)
Processes:
pid | process
1472 | WerFault.exe
1472 | WerFault.exe
1472 | WerFault.exe
1472 | WerFault.exe
1472 | WerFault.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
description | pid | process
Token: SeDebugPrivilege | 1472 | WerFault.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description | pid | process | target process
PID 1900 wrote to memory of 1472 | 1900 | rundll32.exe | WerFault.exe
PID 1900 wrote to memory of 1472 | 1900 | rundll32.exe | WerFault.exe
PID 1900 wrote to memory of 1472 | 1900 | rundll32.exe | WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b7a0dee5961536b4ffabb9bac761478223e2c7a79e98c866139af60adf9e79b.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 1900 -s 56
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken