Analysis
-
max time kernel
113s -
max time network
120s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
17-11-2020 11:47
Static task
static1
Behavioral task
behavioral1
Sample
3a6af9b8a093832ce3baff8d9a2f1bd5.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
3a6af9b8a093832ce3baff8d9a2f1bd5.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
3a6af9b8a093832ce3baff8d9a2f1bd5.dll
-
Size
255KB
-
MD5
d59a81c4e8d9de5c6800bf0c153d4f79
-
SHA1
14c85cb393c5eae6fce702acc8f110737486db09
-
SHA256
892b527aa1af87a0a572b9c86be5aedb1ab3f9f68775b9fa0e6cc6bba069f9d3
-
SHA512
1cfbe94e77085180d0d832087679fb208d8e9fcf7b9f1b7808e57c238116e487054366a693e61111d2017ab035bc927ecdfc99eb702056fa4d917f12319a4657
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 3768 728 WerFault.exe rundll32.exe -
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes:
WerFault.exepid process 3768 WerFault.exe 3768 WerFault.exe 3768 WerFault.exe 3768 WerFault.exe 3768 WerFault.exe 3768 WerFault.exe 3768 WerFault.exe 3768 WerFault.exe 3768 WerFault.exe 3768 WerFault.exe 3768 WerFault.exe 3768 WerFault.exe 3768 WerFault.exe 3768 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
WerFault.exedescription pid process Token: SeDebugPrivilege 3768 WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\3a6af9b8a093832ce3baff8d9a2f1bd5.dll,#11⤵PID:728
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 728 -s 3282⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3768