Analysis
max time kernel: 13s
max time network: 101s
platform: windows10_x64
resource: win10v20201028
submitted: 30-03-2021 11:37
General
Target: 971b2ad87ced696d68e9476f746735096bf22656331b7bdf3b3f325c2ae1950a.dll
Size: 8.3MB
MD5: 3ada446f10c2dc41e0e15d698b651db2
SHA1: 3fbe80c5ea88f96eae4cddc0f69d61c5b0b04a64
SHA256: 971b2ad87ced696d68e9476f746735096bf22656331b7bdf3b3f325c2ae1950a
SHA512: 0d6b9ecaa1b3ca82e7e2f9ce03a5bb3d876a4c1b8b4c6fa65f3f5566c05b6a2c19af7c85398a9ada7c0da0535f7439cad719c52d3ab5e54858ed4a25bd825a67
Malware Config
Signatures
Program crash (1 IoC)
Processes: WerFault.exe
  pid    pid_target  process       target process
  4008   1328        WerFault.exe  rundll32.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs)
Processes: WerFault.exe
  pid    process
  4008   WerFault.exe   (same row recorded 14 times)

Suspicious use of AdjustPrivilegeToken (3 IoCs)
Processes: WerFault.exe
  description                 pid    process
  Token: SeRestorePrivilege   4008   WerFault.exe
  Token: SeBackupPrivilege    4008   WerFault.exe
  Token: SeDebugPrivilege     4008   WerFault.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
  description                            pid    process       target process
  PID 1284 wrote to memory of 1328       1284   rundll32.exe  rundll32.exe
  PID 1284 wrote to memory of 1328       1284   rundll32.exe  rundll32.exe
  PID 1284 wrote to memory of 1328       1284   rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\971b2ad87ced696d68e9476f746735096bf22656331b7bdf3b3f325c2ae1950a.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\971b2ad87ced696d68e9476f746735096bf22656331b7bdf3b3f325c2ae1950a.dll,#1
    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 600
      - Program crash
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken