84b87be120ec7d63af6e791e1642c63d4d83c09a1726f3b036c19547ccbef6be

Resubmissions

12/05/2021, 09:09

12/07/2020, 13:12

Target

test_00690000.bin.dll
Size

204KB
MD5

82401a076fce0af2b913f8c904d8c9e3
SHA1

eadfb9becbe7b2e8dc9aaf1f09aac0276df4b2ec
SHA256

84b87be120ec7d63af6e791e1642c63d4d83c09a1726f3b036c19547ccbef6be
SHA512

8f53fc66a4413295e9b47878b8d4706d6115d308d91b2728656791e7c2ed38df29552dda5cd2537d71f81d17f3ba470e271a24e99d6b8ca8892a22daa3335bbe

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3248	3996	WerFault.exe	70

Suspicious behavior: EnumeratesProcesses 14 IoCs

Suspicious use of AdjustPrivilegeToken 3 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 3996	3932	rundll32.exe	70
PID 3932 wrote to memory of 3996	3932	rundll32.exe	70
PID 3932 wrote to memory of 3996	3932	rundll32.exe	70

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\test_00690000.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\test_00690000.bin.dll,#1
  2⤵
  PID:3996
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 640
    3⤵
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3248