Analysis
- max time kernel: 3s
- max time network: 8s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 12-11-2020 13:58
Static task
static1
Behavioral task
behavioral1
Sample
57c0d780e0e67485183d1d4319858244d58555effc7b4e5eb73b6d86e9c6a9d1.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
57c0d780e0e67485183d1d4319858244d58555effc7b4e5eb73b6d86e9c6a9d1.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
57c0d780e0e67485183d1d4319858244d58555effc7b4e5eb73b6d86e9c6a9d1.dll
-
Size
254KB
-
MD5
76828770db6f9633f3fbefe6d61d0df8
-
SHA1
7259970e1240dfb42ab54b0aa9f2cc25be3be535
-
SHA256
57c0d780e0e67485183d1d4319858244d58555effc7b4e5eb73b6d86e9c6a9d1
-
SHA512
d7452471e92bbc8330f34b61f05fe31fa32da5fa2421fc122c3e30fecd3c1105b911c6158aebe334ed371976e8f06afc643d272d90031a7ceee0c8aa3dcf9604
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
1920 | 848 | WerFault.exe | rundll32.exe
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
Processes:
WerFault.exe
pid | process
1920 | WerFault.exe
1920 | WerFault.exe
1920 | WerFault.exe
1920 | WerFault.exe
1920 | WerFault.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
WerFault.exe
description | pid | process
Token: SeDebugPrivilege | 1920 | WerFault.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 848 wrote to memory of 1920 | 848 | rundll32.exe | WerFault.exe
PID 848 wrote to memory of 1920 | 848 | rundll32.exe | WerFault.exe
PID 848 wrote to memory of 1920 | 848 | rundll32.exe | WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\57c0d780e0e67485183d1d4319858244d58555effc7b4e5eb73b6d86e9c6a9d1.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 848 -s 1082⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken