Analysis
max time kernel
18s
max time network
113s
platform
windows10_x64
resource
win10v20201028
submitted
12-11-2020 14:38
Static task
static1
Behavioral task
behavioral1
Sample
1d107c6a40ea4587904c46a5e1b0536ac6ab2e0182a2c05dc2d677723652f2b9.dll
Resource
win7v20201028
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
1d107c6a40ea4587904c46a5e1b0536ac6ab2e0182a2c05dc2d677723652f2b9.dll
Resource
win10v20201028
0 signatures
0 seconds
General
Target
1d107c6a40ea4587904c46a5e1b0536ac6ab2e0182a2c05dc2d677723652f2b9.dll
Size
256KB
MD5
07281bad5bfb51fc0d8854af34e75e8f
SHA1
21b59cd030e6f11546442e390c4d2ea5d2755279
SHA256
1d107c6a40ea4587904c46a5e1b0536ac6ab2e0182a2c05dc2d677723652f2b9
SHA512
93623b283bc9f8b2fe4140bb81bfd4a42844a5ec62e9f7f4e6ca22a8cd199ae930bb3651ea98f5b4d900b777d631f7d5d71db399bcf4225b447e2fab8cf0beb6
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid: 1752, pid_target: 2604, process: WerFault.exe, target process: rundll32.exe
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes:
WerFault.exe
pid: 1752, process: WerFault.exe (listed 14 times)
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
WerFault.exe
description: Token: SeDebugPrivilege, pid: 1752, process: WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d107c6a40ea4587904c46a5e1b0536ac6ab2e0182a2c05dc2d677723652f2b9.dll,#11
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2604 -s 2922
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken