45b4b25fc4fe7b28e9e03936858a708d395d574962bc7ededa347a120120e656 | Triage

Analysis

max time kernel
135s
max time network
137s
platform
windows7_x64
resource
win7v20201028
submitted
17-11-2020 11:54

Sharing

Report Analysis Logs

General

Target

8323642eddd9f2fc8dd4c29daa8c0538.dll
Size

256KB
MD5

7db2604c11d6941f3b7091da1349d756
SHA1

8a9bf767a845ea1fb28b2df436d6ac789b62355e
SHA256

45b4b25fc4fe7b28e9e03936858a708d395d574962bc7ededa347a120120e656
SHA512

5b3b5f5c99f09146fce25d6bba4e465f89b3901aa190c3a97859ef07223e4359795339f20aec0d2f2eea4026edd71854ffd391bc0d8fa546a7baeb2d73e16c16

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1296 1880 WerFault.exe rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

WerFault.exe

pid process

1296 WerFault.exe
1296 WerFault.exe
1296 WerFault.exe
1296 WerFault.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

WerFault.exe

description pid process

Token: SeDebugPrivilege 1296 WerFault.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1880 wrote to memory of 1296	1880	rundll32.exe	WerFault.exe
PID 1880 wrote to memory of 1296	1880	rundll32.exe	WerFault.exe
PID 1880 wrote to memory of 1296	1880	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8323642eddd9f2fc8dd4c29daa8c0538.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1880 -s 108
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1296-0-0x0000000000000000-mapping.dmp

Download
memory/1296-1-0x0000000001EA0000-0x0000000001EB1000-memory.dmp

Filesize
68KB

Download
memory/1296-2-0x00000000026C0000-0x00000000026D1000-memory.dmp

Filesize
68KB

Download