Analysis
- max time kernel: 126s
- max time network: 21s
- platform: windows7_x64
- resource: win7v20210408
- submitted: 10-07-2021 10:37
Behavioral task: behavioral1
- Sample: e446b4ca910c3ff3b3add0fb35b3120385d880f7cf02ca21ba872e1d57eb39dd.bin.sample.dll
- Resource: win7v20210408
- Platform: windows7_x64
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: e446b4ca910c3ff3b3add0fb35b3120385d880f7cf02ca21ba872e1d57eb39dd.bin.sample.dll
- Resource: win10v20210410
- Platform: windows10_x64
- 0 signatures
- 0 seconds
General
- Target: e446b4ca910c3ff3b3add0fb35b3120385d880f7cf02ca21ba872e1d57eb39dd.bin.sample.dll
- Size: 8.3MB
- MD5: cf903aa75574ea4b1be9c96a027203d3
- SHA1: b9c5441919d9a247aa7449b354bb8c100665d23e
- SHA256: e446b4ca910c3ff3b3add0fb35b3120385d880f7cf02ca21ba872e1d57eb39dd
- SHA512: 152dbd473d2277a95ec79a3d57f047ec8026617efc0117ad82d20102ca6a45c8ebb1a237fb0b0c0a40d5dee10c5f240cf946de73cdd11a523138270bad891b1f
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes (WerFault.exe):
    pid   pid_target  process       target process
    2028  2004        WerFault.exe  rundll32.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes (WerFault.exe):
    pid   process
    2028  WerFault.exe
    2028  WerFault.exe
    2028  WerFault.exe
    2028  WerFault.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Processes (WerFault.exe):
    pid   process
    2028  WerFault.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes (WerFault.exe):
    description              pid   process
    Token: SeDebugPrivilege  2028  WerFault.exe
- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes (rundll32.exe, rundll32.exe):
    description                        pid   process       target process
    PID 1028 wrote to memory of 2004   1028  rundll32.exe  rundll32.exe
    PID 1028 wrote to memory of 2004   1028  rundll32.exe  rundll32.exe
    PID 1028 wrote to memory of 2004   1028  rundll32.exe  rundll32.exe
    PID 1028 wrote to memory of 2004   1028  rundll32.exe  rundll32.exe
    PID 1028 wrote to memory of 2004   1028  rundll32.exe  rundll32.exe
    PID 1028 wrote to memory of 2004   1028  rundll32.exe  rundll32.exe
    PID 1028 wrote to memory of 2004   1028  rundll32.exe  rundll32.exe
    PID 2004 wrote to memory of 2028   2004  rundll32.exe  WerFault.exe
    PID 2004 wrote to memory of 2028   2004  rundll32.exe  WerFault.exe
    PID 2004 wrote to memory of 2028   2004  rundll32.exe  WerFault.exe
    PID 2004 wrote to memory of 2028   2004  rundll32.exe  WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e446b4ca910c3ff3b3add0fb35b3120385d880f7cf02ca21ba872e1d57eb39dd.bin.sample.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e446b4ca910c3ff3b3add0fb35b3120385d880f7cf02ca21ba872e1d57eb39dd.bin.sample.dll,#1
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 196
      - Program crash
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of AdjustPrivilegeToken