Analysis
max time kernel: 3s
max time network: 8s
platform: windows7_x64
resource: win7v20201028
submitted: 15-11-2020 23:12
Static task: static1

Behavioral task: behavioral1
  Sample: 829d53beaf477b401883667122b54a965fe974f4c11fb2ba81335c8a13cbcc29.dll
  Resource: win7v20201028
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: 829d53beaf477b401883667122b54a965fe974f4c11fb2ba81335c8a13cbcc29.dll
  Resource: win10v20201028
  0 signatures, 0 seconds
General
Target: 829d53beaf477b401883667122b54a965fe974f4c11fb2ba81335c8a13cbcc29.dll
Size: 256KB
MD5: ea8801018764c994eeefd0281a04e9b9
SHA1: 46e28b99e7a224366f7bf2c8b60260726d1cb1d7
SHA256: 829d53beaf477b401883667122b54a965fe974f4c11fb2ba81335c8a13cbcc29
SHA512: 0136bc0866d00c927a4255dc16288a6eacc02df94e2afdd22a25cb1926cec477e7c8102e3a8ca1ea32b21af57ab52ae072cf7c863e94154f712bd329a151999b
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
Processes:
  pid   pid_target  process       target process
  2008  1644        WerFault.exe  rundll32.exe

Suspicious behavior: EnumeratesProcesses (5 IoCs)
Processes:
  pid   process
  2008  WerFault.exe
  2008  WerFault.exe
  2008  WerFault.exe
  2008  WerFault.exe
  2008  WerFault.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description              pid   process
  Token: SeDebugPrivilege  2008  WerFault.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                       pid   process       target process
  PID 1644 wrote to memory of 2008  1644  rundll32.exe  WerFault.exe
  PID 1644 wrote to memory of 2008  1644  rundll32.exe  WerFault.exe
  PID 1644 wrote to memory of 2008  1644  rundll32.exe  WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\829d53beaf477b401883667122b54a965fe974f4c11fb2ba81335c8a13cbcc29.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 1644 -s 108
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken