Analysis
max time kernel: 100s
max time network: 102s
platform: windows7_x64
resource: win7v20201028
submitted: 12-11-2020 14:07
Static task: static1
Behavioral task: behavioral1
  Sample: c1c64277c182c6ff91f51720b562b92e40beb7622459bec21a48c16d40650414.dll
  Resource: win7v20201028 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: c1c64277c182c6ff91f51720b562b92e40beb7622459bec21a48c16d40650414.dll
  Resource: win10v20201028 (windows10_x64)
  0 signatures, 0 seconds
General
Target: c1c64277c182c6ff91f51720b562b92e40beb7622459bec21a48c16d40650414.dll
Size: 256KB
MD5: 195b92ab2e9b2ff98c42b764331c5619
SHA1: 4cbde98fc024a4e4930f7558883403216d939569
SHA256: c1c64277c182c6ff91f51720b562b92e40beb7622459bec21a48c16d40650414
SHA512: 0e8686f99ac03733cbd32b0286526f8302583ae1c1a3d55c80bfd84a8d82857b55061363e31ab6862decd10e51b1931e578dd7cefd633ec4d884c6af224a6be5
Score: 3/10
Malware Config
Signatures
All four signatures below come from a single crash path: rundll32.exe loaded the DLL's ordinal-1 export, faulted, and started WerFault.exe with -p 684 (the PID of the crashed process). Windows Error Reporting normally enumerates processes, enables SeDebugPrivilege and exchanges memory with the faulting process while collecting the dump, so these hits describe crash handling rather than injection. The low score (3/10) reflects that; nothing else ran long enough to show behaviour.

Program crash (1 IoC)
  process       pid   target process   pid_target
  WerFault.exe  1832  rundll32.exe     684

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  process       pid
  WerFault.exe  1832  (4 identical events)

Suspicious use of AdjustPrivilegeToken (1 IoC)
  process       pid   description
  WerFault.exe  1832  Token: SeDebugPrivilege

Suspicious use of WriteProcessMemory (3 IoCs)
  process       pid   target process   description
  rundll32.exe  684   WerFault.exe     PID 684 wrote to memory of 1832 (3 identical events)
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1c64277c182c6ff91f51720b562b92e40beb7622459bec21a48c16d40650414.dll,#1
   PID: 684
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 684 -s 108
      PID: 1832
      - Program crash
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
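The WriteProcessMemory, EnumeratesProcesses and AdjustPrivilegeToken hits above are all explained by the crash path (rundll32.exe spawning WerFault.exe with -p 684). The following is an added example, not part of the sandbox report, showing how to separate that crash-handling noise from a genuinely suspicious cross-process write when triaging such reports: a write is accepted as WER activity only when the target is a WerFault.exe child of the writer whose -p argument names the writer. The process tree and the three memory-write events are transcribed from the report; the explorer.exe process and the fourth write are constructed for contrast and do not appear in the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Windows Error Reporting is launched by the faulting process as
#   WerFault.exe -u -p <faulting pid> -s <event handle>
# which is the shape seen in the process tree of the report.
WERFAULT_RE = re.compile(r"(?i)(?:^|\\)WerFault\.exe\s+-u\s+-p\s+(\d+)\s+-s\s+\d+")


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


@dataclass
class MemWrite:
    src_pid: int   # process that called WriteProcessMemory
    dst_pid: int   # process whose memory was written


def is_wer_crash_handler(proc: Proc) -> bool:
    """True when `proc` is WerFault.exe started by the process it reports on:
    the -p argument on its command line must equal its parent PID."""
    m = WERFAULT_RE.search(proc.cmdline)
    return m is not None and int(m.group(1)) == proc.ppid


def classify_writes(writes: List[MemWrite],
                    procs: List[Proc]) -> Tuple[List[MemWrite], List[MemWrite]]:
    """Split WriteProcessMemory events into (crash_handling, suspicious).

    A write counts as crash handling only if the target is a WerFault child of
    the writer and the child's -p names the writer. Anything else (unknown
    target, target not a child of the writer, target not WER) stays flagged."""
    by_pid: Dict[int, Proc] = {p.pid: p for p in procs}
    crash_handling: List[MemWrite] = []
    suspicious: List[MemWrite] = []
    for w in writes:
        dst = by_pid.get(w.dst_pid)
        if dst is not None and dst.ppid == w.src_pid and is_wer_crash_handler(dst):
            crash_handling.append(w)
        else:
            suspicious.append(w)
    return crash_handling, suspicious


def report_summary(writes: List[MemWrite], procs: List[Proc]) -> Dict[str, int]:
    """Counts per class, the figure a triage note would quote."""
    ch, sus = classify_writes(writes, procs)
    return {"crash_handling": len(ch), "suspicious": len(sus)}


# Process tree and events transcribed from the report.
REPORT_PROCS = [
    Proc(684, None, "rundll32.exe",
         r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1c64277c182c6ff91f51720b562b92e40beb7622459bec21a48c16d40650414.dll,#1"),
    Proc(1832, 684, "WerFault.exe", r"C:\Windows\system32\WerFault.exe -u -p 684 -s 108"),
]
REPORT_WRITES = [MemWrite(684, 1832)] * 3   # "PID 684 wrote to memory of 1832", three times

# Constructed contrast case (not in the report): the same rundll32 writing into an
# unrelated process is not explained by WER and must remain flagged.
CONSTRUCTED_PROCS = REPORT_PROCS + [Proc(1200, 900, "explorer.exe", r"C:\Windows\explorer.exe")]
CONSTRUCTED_WRITES = REPORT_WRITES + [MemWrite(684, 1200)]


if __name__ == "__main__":
    print("report:", report_summary(REPORT_WRITES, REPORT_PROCS))
    print("constructed:", report_summary(CONSTRUCTED_WRITES, CONSTRUCTED_PROCS))
```

The parent-PID check matters: a WerFault.exe command line alone is easy to mimic, so the writer must also be the parent and must be the PID named by -p before the event is discounted. Everything that fails that check is left for a human to look at.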