Analysis
-
max time kernel
13s -
max time network
107s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
11-11-2020 11:11
General
-
Target
77650b321630c0c52663e766bd245d28558f5cf11daa55045b9a97f5f3084810.dll
-
Size
254KB
-
MD5
8dd9391ba8edbe49c8634e1506ba9faa
-
SHA1
d73f98361bc959a6f406a7af5f69ef8c3c0bb4a0
-
SHA256
77650b321630c0c52663e766bd245d28558f5cf11daa55045b9a97f5f3084810
-
SHA512
97395cc55476eeecc728cc9f486a55771cf7f1dc9da2488555f5fecfc306fd8e3d521cde44a30444639ff822fe1329c09fc401170e9b1388a923cdc1b4aee79e
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\77650b321630c0c52663e766bd245d28558f5cf11daa55045b9a97f5f3084810.dll,#11⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1192 -s 2922⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3944-0-0x000001315F410000-0x000001315F411000-memory.dmpFilesize
4KB
-
memory/3944-1-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-2-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-3-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-4-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-5-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-6-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-7-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-8-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-9-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-10-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-11-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-12-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-13-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-14-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-15-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-16-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-18-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-17-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-19-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-20-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-21-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-22-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-23-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-24-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-25-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-26-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB
-
memory/3944-27-0x00000131601B0000-0x00000131601B1000-memory.dmpFilesize
4KB