Analysis
max time kernel: 91s
max time network: 94s
platform: windows7_x64
resource: win7v20201028
submitted: 12-11-2020 13:52
Static task
static1
Behavioral task
behavioral1
Sample
f78589df0160b6790ab80478837369c5c7c42b26614291cd53000a8d9de7a23e.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
f78589df0160b6790ab80478837369c5c7c42b26614291cd53000a8d9de7a23e.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
Target: f78589df0160b6790ab80478837369c5c7c42b26614291cd53000a8d9de7a23e.dll
Size: 256KB
MD5: bbef69d2df132b209f97ca3e0162e038
SHA1: 8b6c271d8482bca3969316ea5677c0990c3d5937
SHA256: f78589df0160b6790ab80478837369c5c7c42b26614291cd53000a8d9de7a23e
SHA512: 0a68b41fc67aa24d0ed39cd27990dfe329362fa725325d069fcee8ec623353f2455086a04273be4eb4fcce06abcc848e08488aba4fa6a8a6ec277f2aa92e9df4
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
  pid   pid_target  process       target process
  1992  536         WerFault.exe  rundll32.exe
Suspicious behavior: EnumeratesProcesses 5 IoCs
Processes:
WerFault.exe
  pid   process
  1992  WerFault.exe
  1992  WerFault.exe
  1992  WerFault.exe
  1992  WerFault.exe
  1992  WerFault.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
WerFault.exe
  description              pid   process
  Token: SeDebugPrivilege  1992  WerFault.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
  description                      pid  process       target process
  PID 536 wrote to memory of 1992  536  rundll32.exe  WerFault.exe
  PID 536 wrote to memory of 1992  536  rundll32.exe  WerFault.exe
  PID 536 wrote to memory of 1992  536  rundll32.exe  WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f78589df0160b6790ab80478837369c5c7c42b26614291cd53000a8d9de7a23e.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:536
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 536 -s 1082⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1992