Analysis
  max time kernel:  8s
  max time network: 11s
  platform:         windows7_x64
  resource:         win7v20201028
  submitted:        15-11-2020 22:41
Static task: static1

Behavioral task: behavioral1
  Sample:   5fe62b6f7ebd38ad3863950e94b4cc2c634811a4c22ade13b38c29ab10a4d602.dll
  Resource: win7v20201028
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample:   5fe62b6f7ebd38ad3863950e94b4cc2c634811a4c22ade13b38c29ab10a4d602.dll
  Resource: win10v20201028
  0 signatures, 0 seconds
General
  Target: 5fe62b6f7ebd38ad3863950e94b4cc2c634811a4c22ade13b38c29ab10a4d602.dll
  Size:   256KB
  MD5:    25e20128c27b2c60235e17e6cba63e11
  SHA1:   87f2e0a280dd0a67b70ce87882e22d3929c6704c
  SHA256: 5fe62b6f7ebd38ad3863950e94b4cc2c634811a4c22ade13b38c29ab10a4d602
  SHA512: 38ad7182f4ad77137201888b2ff2e4e2c848681238f02f7c4285be1a9e3f81f7f50137c019f61131d02c81cbe321588a507eb720c98f789881fa0f07204c5aa3
  Score:  3/10
Malware Config
Signatures

Program crash (1 IoC)
  Processes:
    pid   pid_target  process       target process
    1412  1848        WerFault.exe  rundll32.exe

Suspicious behavior: EnumeratesProcesses (5 IoCs)
  Processes:
    pid   process
    1412  WerFault.exe
    1412  WerFault.exe
    1412  WerFault.exe
    1412  WerFault.exe
    1412  WerFault.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
    description              pid   process
    Token: SeDebugPrivilege  1412  WerFault.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                        pid   process       target process
    PID 1848 wrote to memory of 1412   1848  rundll32.exe  WerFault.exe
    PID 1848 wrote to memory of 1412   1848  rundll32.exe  WerFault.exe
    PID 1848 wrote to memory of 1412   1848  rundll32.exe  WerFault.exe
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5fe62b6f7ebd38ad3863950e94b4cc2c634811a4c22ade13b38c29ab10a4d602.dll,#1
  - Suspicious use of WriteProcessMemory

  C:\Windows\system32\WerFault.exe (child of rundll32.exe)
    Command line: C:\Windows\system32\WerFault.exe -u -p 1848 -s 108
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken