f78589df0160b6790ab80478837369c5c7c42b26614291cd53000a8d9de7a23e | Triage

Analysis

max time kernel
91s
max time network
94s
platform
windows7_x64
resource
win7v20201028
submitted
12-11-2020 13:52

Sharing

Report Analysis Logs

General

Target

f78589df0160b6790ab80478837369c5c7c42b26614291cd53000a8d9de7a23e.dll
Size

256KB
MD5

bbef69d2df132b209f97ca3e0162e038
SHA1

8b6c271d8482bca3969316ea5677c0990c3d5937
SHA256

f78589df0160b6790ab80478837369c5c7c42b26614291cd53000a8d9de7a23e
SHA512

0a68b41fc67aa24d0ed39cd27990dfe329362fa725325d069fcee8ec623353f2455086a04273be4eb4fcce06abcc848e08488aba4fa6a8a6ec277f2aa92e9df4

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1992 536 WerFault.exe rundll32.exe
Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

WerFault.exe

pid process

1992 WerFault.exe
1992 WerFault.exe
1992 WerFault.exe
1992 WerFault.exe
1992 WerFault.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

WerFault.exe

description pid process

Token: SeDebugPrivilege 1992 WerFault.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 536 wrote to memory of 1992	536	rundll32.exe	WerFault.exe
PID 536 wrote to memory of 1992	536	rundll32.exe	WerFault.exe
PID 536 wrote to memory of 1992	536	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f78589df0160b6790ab80478837369c5c7c42b26614291cd53000a8d9de7a23e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:536

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 536 -s 108
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1992

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1992-0-0x0000000000000000-mapping.dmp

Download
memory/1992-1-0x0000000001F80000-0x0000000001F91000-memory.dmp

Filesize
68KB

Download
memory/1992-2-0x0000000002720000-0x0000000002731000-memory.dmp

Filesize
68KB

Download