Analysis
- max time kernel: 22s
- max time network: 25s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 15-11-2020 22:38
Static task: static1
Behavioral task: behavioral1
- Sample: 24664c11778ac8e24496f50e8428a1ba88efb9e5459d2ab42237ce0801471f45.dll
- Resource: win7v20201028
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 24664c11778ac8e24496f50e8428a1ba88efb9e5459d2ab42237ce0801471f45.dll
- Resource: win10v20201028
- 0 signatures
- 0 seconds
General
- Target: 24664c11778ac8e24496f50e8428a1ba88efb9e5459d2ab42237ce0801471f45.dll
- Size: 304KB
- MD5: c083bdae59044dd8587025696b5bd146
- SHA1: 9d8f7d44c58de10c5fa0e3d9476b52f732e29d4a
- SHA256: 24664c11778ac8e24496f50e8428a1ba88efb9e5459d2ab42237ce0801471f45
- SHA512: bd2c37cff833b25be3e521da47709949182e8e0dcf0e1ce19fdaba828916a3112bc130ad5df0cfc652d590cd73b2bc042e1337b4eb41af18231bae190716a87f
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
    pid   pid_target  process       target process
    1440  1080        WerFault.exe  rundll32.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes: WerFault.exe
    pid   process
    1440  WerFault.exe
    1440  WerFault.exe
    1440  WerFault.exe
    1440  WerFault.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: WerFault.exe
    description              pid   process
    Token: SeDebugPrivilege  1440  WerFault.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
    description                       pid   process       target process
    PID 1080 wrote to memory of 1440  1080  rundll32.exe  WerFault.exe
    PID 1080 wrote to memory of 1440  1080  rundll32.exe  WerFault.exe
    PID 1080 wrote to memory of 1440  1080  rundll32.exe  WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\24664c11778ac8e24496f50e8428a1ba88efb9e5459d2ab42237ce0801471f45.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 1080 -s 56
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken