Analysis
max time kernel: 6s
max time network: 13s
platform: windows7_x64
resource: win7v20201028
submitted: 11-11-2020 10:55
Static task: static1

Behavioral task: behavioral1
Sample: 05d7313674fbfe1448cff6ce396458ea2cbc74d67be1ca00ae5532790be060b8.dll
Resource: win7v20201028 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: 05d7313674fbfe1448cff6ce396458ea2cbc74d67be1ca00ae5532790be060b8.dll
Resource: win10v20201028 (windows10_x64)
0 signatures, 0 seconds
General
Target: 05d7313674fbfe1448cff6ce396458ea2cbc74d67be1ca00ae5532790be060b8.dll
Size: 256KB
MD5: 8323642eddd9f2fc8dd4c29daa8c0538
SHA1: 3c12a3d6021f7a8618b01400e17ef03ece150716
SHA256: 05d7313674fbfe1448cff6ce396458ea2cbc74d67be1ca00ae5532790be060b8
SHA512: c0465dfa743412eff9ec4147945d79e30ca3409dc36791d03226fee99639c60a6261acd81c1d9cd28c9f71ee748dbe95c6536e3c391dae1718c7b312b2e51e79
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
Processes:
  pid   pid_target  process       target process
  1272  1816        WerFault.exe  rundll32.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes:
  pid   process
  1272  WerFault.exe
  1272  WerFault.exe
  1272  WerFault.exe
  1272  WerFault.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
  description              pid   process
  Token: SeDebugPrivilege  1272  WerFault.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process       target process
  PID 1816 wrote to memory of 1272   1816  rundll32.exe  WerFault.exe
  PID 1816 wrote to memory of 1272   1816  rundll32.exe  WerFault.exe
  PID 1816 wrote to memory of 1272   1816  rundll32.exe  WerFault.exe
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\05d7313674fbfe1448cff6ce396458ea2cbc74d67be1ca00ae5532790be060b8.dll,#1
  - Suspicious use of WriteProcessMemory

  C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 1816 -s 108
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken