Analysis

max time kernel: 3s
max time network: 8s
platform: windows7_x64
resource: win7v20201028
submitted: 12-11-2020 14:38

Static task: static1

Behavioral task: behavioral1
Sample: 1d107c6a40ea4587904c46a5e1b0536ac6ab2e0182a2c05dc2d677723652f2b9.dll
Resource: win7v20201028
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: 1d107c6a40ea4587904c46a5e1b0536ac6ab2e0182a2c05dc2d677723652f2b9.dll
Resource: win10v20201028
0 signatures, 0 seconds
General

Target: 1d107c6a40ea4587904c46a5e1b0536ac6ab2e0182a2c05dc2d677723652f2b9.dll
Size: 256KB
MD5: 07281bad5bfb51fc0d8854af34e75e8f
SHA1: 21b59cd030e6f11546442e390c4d2ea5d2755279
SHA256: 1d107c6a40ea4587904c46a5e1b0536ac6ab2e0182a2c05dc2d677723652f2b9
SHA512: 93623b283bc9f8b2fe4140bb81bfd4a42844a5ec62e9f7f4e6ca22a8cd199ae930bb3651ea98f5b4d900b777d631f7d5d71db399bcf4225b447e2fab8cf0beb6
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
Processes:
  pid   pid_target  process       target process
  1128  1912        WerFault.exe  rundll32.exe

Suspicious behavior: EnumeratesProcesses (5 IoCs)
Processes:
  pid   process
  1128  WerFault.exe  (5 hits)

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description              pid   process
  Token: SeDebugPrivilege  1128  WerFault.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                       pid   process       target process
  PID 1912 wrote to memory of 1128  1912  rundll32.exe  WerFault.exe  (3 hits)
Processes

C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d107c6a40ea4587904c46a5e1b0536ac6ab2e0182a2c05dc2d677723652f2b9.dll,#1
  - Suspicious use of WriteProcessMemory

  C:\Windows\system32\WerFault.exe (child of rundll32.exe)
    C:\Windows\system32\WerFault.exe -u -p 1912 -s 108
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
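Every "suspicious" signature in this report sits on the crash path: rundll32.exe (pid 1912) faulted while calling export #1 of the DLL, the faulting process launched WerFault.exe with -u -p 1912 -s 108 (the -p argument is the crashing pid, matching rundll32's pid in the WriteProcessMemory rows), and that WerFault instance then enumerated processes, enabled SeDebugPrivilege and received a memory write from its parent, which is how Windows Error Reporting collects a crash report. Nothing in the tree is attributable to the DLL itself, which is consistent with the 3/10 score. The script below is an added example written for this page, not the sandbox's own code: it rebuilds the parent/child relationships from constructed copies of the rows above, maps each WerFault.exe to the process it was launched for (trusting the -p value only when it names WerFault's actual parent), and reports any signature hit that the crash handling does not account for. The field names, the row layout and the WerFault command-line convention are assumptions.

```python
"""Attribute the report's 'suspicious' signatures to Windows Error Reporting.

Added example for this page, not the sandbox's or any vendor's code. The
process rows and signature rows are constructed from the report above; the
field names and the WerFault command-line convention are assumptions.
"""
import re

SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\1d107c6a40ea4587904c46a5e1b0536ac6ab2e0182a2c05dc2d677723652f2b9.dll")

# Process tree as reported: rundll32.exe hosts the DLL, WerFault.exe is its
# child. The report does not show rundll32's own parent, hence ppid=None.
PROCESSES = [
    {"pid": 1912, "ppid": None, "image": "rundll32.exe",
     "cmdline": "rundll32.exe " + SAMPLE_DLL + ",#1"},
    {"pid": 1128, "ppid": 1912, "image": "WerFault.exe",
     "cmdline": r"C:\Windows\system32\WerFault.exe -u -p 1912 -s 108"},
]

# Signature hits as (signature, acting pid, target pid or None), one per IoC.
SIGNATURES = [
    ("Program crash", 1128, 1912),
    *[("Suspicious behavior: EnumeratesProcesses", 1128, None)] * 5,
    ("Suspicious use of AdjustPrivilegeToken", 1128, None),   # SeDebugPrivilege
    *[("Suspicious use of WriteProcessMemory", 1912, 1128)] * 3,
]

# WER launches WerFault.exe from the faulting process as
# 'WerFault.exe -u -p <faulting pid> -s <event handle>' (assumed layout,
# matching the command line in the report).
WER_CMDLINE = re.compile(r"werfault\.exe\s+-u\s+-p\s+(\d+)\s+-s\s+\d+", re.I)


def wer_handlers(processes):
    """Map each WerFault.exe pid to the pid of the process it was launched for.

    The mapping is only trusted when -p names WerFault's actual parent; a
    WerFault started by some other process, or pointed at a pid it was not
    spawned by, is left out and so cannot excuse anything.
    """
    handlers = {}
    for proc in processes:
        match = WER_CMDLINE.search(proc["cmdline"])
        if match and proc["image"].lower() == "werfault.exe":
            faulting = int(match.group(1))
            if proc["ppid"] == faulting:
                handlers[proc["pid"]] = faulting
    return handlers


def crashed_pids(processes):
    """Pids that a trusted WerFault.exe instance was launched to report on."""
    return sorted(set(wer_handlers(processes).values()))


def explain(pid, target, handlers):
    """Reason a hit is crash handling, or None if it is not."""
    if pid in handlers and target in (None, handlers[pid]):
        return "WerFault.exe acting on the process it was launched for"
    if target in handlers and handlers[target] == pid:
        return "faulting process handing crash context to its own WerFault.exe"
    return None


def unexplained(signatures, processes):
    """Signature names with at least one hit that crash handling does not cover."""
    handlers = wer_handlers(processes)
    leftovers = {name for name, pid, target in signatures
                 if explain(pid, target, handlers) is None}
    return sorted(leftovers)


if __name__ == "__main__":
    handlers = wer_handlers(PROCESSES)
    print("crashed host pids:", crashed_pids(PROCESSES))
    for name, pid, target in dict.fromkeys(SIGNATURES):
        print(f"{name}: pid {pid} -> {target}: "
              f"{explain(pid, target, handlers) or 'UNEXPLAINED'}")
    print("unexplained:", unexplained(SIGNATURES, PROCESSES) or "none")
```

Run as-is it reports pid 1912 as the crashed host and no unexplained signatures. The negative cases matter more in triage: a WriteProcessMemory hit whose target is anything other than the process's own WerFault.exe, or a WerFault.exe whose -p value does not match its parent, is not written off, so a sample that hides injection behind a deliberate crash still surfaces.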