Analysis
-
max time kernel
12s -
max time network
115s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
12-11-2020 14:07
Static task
static1
Behavioral task
behavioral1
Sample
c1c64277c182c6ff91f51720b562b92e40beb7622459bec21a48c16d40650414.dll
Resource
win7v20201028
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
c1c64277c182c6ff91f51720b562b92e40beb7622459bec21a48c16d40650414.dll
Resource
win10v20201028
0 signatures
0 seconds
General
-
Target
c1c64277c182c6ff91f51720b562b92e40beb7622459bec21a48c16d40650414.dll
-
Size
256KB
-
MD5
195b92ab2e9b2ff98c42b764331c5619
-
SHA1
4cbde98fc024a4e4930f7558883403216d939569
-
SHA256
c1c64277c182c6ff91f51720b562b92e40beb7622459bec21a48c16d40650414
-
SHA512
0e8686f99ac03733cbd32b0286526f8302583ae1c1a3d55c80bfd84a8d82857b55061363e31ab6862decd10e51b1931e578dd7cefd633ec4d884c6af224a6be5
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 4916 4644 WerFault.exe rundll32.exe -
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes:
WerFault.exepid process 4916 WerFault.exe 4916 WerFault.exe 4916 WerFault.exe 4916 WerFault.exe 4916 WerFault.exe 4916 WerFault.exe 4916 WerFault.exe 4916 WerFault.exe 4916 WerFault.exe 4916 WerFault.exe 4916 WerFault.exe 4916 WerFault.exe 4916 WerFault.exe 4916 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
WerFault.exedescription pid process Token: SeDebugPrivilege 4916 WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c1c64277c182c6ff91f51720b562b92e40beb7622459bec21a48c16d40650414.dll,#11⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4644 -s 2922⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken