Analysis
-
max time kernel
107s -
max time network
12s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
27-07-2021 22:11
Static task
static1
Behavioral task
behavioral1
Sample
690c488a9902978f2ef05aa23d21f4fa30a52dd9d11191f9b49667cd08618d87.bin.dll
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
690c488a9902978f2ef05aa23d21f4fa30a52dd9d11191f9b49667cd08618d87.bin.dll
Resource
win10v20210410
windows10_x64
0 signatures
0 seconds
General
-
Target
690c488a9902978f2ef05aa23d21f4fa30a52dd9d11191f9b49667cd08618d87.bin.dll
-
Size
34KB
-
MD5
1ca0fbd832f9f7cdc0e50b29bd0d970f
-
SHA1
9be6a2bc9df78f4566e5690e2f1bb696ae96cb48
-
SHA256
690c488a9902978f2ef05aa23d21f4fa30a52dd9d11191f9b49667cd08618d87
-
SHA512
5b236385ac4c1a6131163c6cb562f4c87691990a84b08afa7fbe764b5ddf3bc88edd7efe16dd6bd7ba5b6c7c9271146100a41ed9289c73958e7b282eaa7740e1
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 1144 2040 WerFault.exe rundll32.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
WerFault.exepid process 1144 WerFault.exe 1144 WerFault.exe 1144 WerFault.exe 1144 WerFault.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
WerFault.exepid process 1144 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
WerFault.exedescription pid process Token: SeDebugPrivilege 1144 WerFault.exe -
Suspicious use of WriteProcessMemory 11 IoCs
Processes:
rundll32.exerundll32.exedescription pid process target process PID 1652 wrote to memory of 2040 1652 rundll32.exe rundll32.exe PID 1652 wrote to memory of 2040 1652 rundll32.exe rundll32.exe PID 1652 wrote to memory of 2040 1652 rundll32.exe rundll32.exe PID 1652 wrote to memory of 2040 1652 rundll32.exe rundll32.exe PID 1652 wrote to memory of 2040 1652 rundll32.exe rundll32.exe PID 1652 wrote to memory of 2040 1652 rundll32.exe rundll32.exe PID 1652 wrote to memory of 2040 1652 rundll32.exe rundll32.exe PID 2040 wrote to memory of 1144 2040 rundll32.exe WerFault.exe PID 2040 wrote to memory of 1144 2040 rundll32.exe WerFault.exe PID 2040 wrote to memory of 1144 2040 rundll32.exe WerFault.exe PID 2040 wrote to memory of 1144 2040 rundll32.exe WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\690c488a9902978f2ef05aa23d21f4fa30a52dd9d11191f9b49667cd08618d87.bin.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\690c488a9902978f2ef05aa23d21f4fa30a52dd9d11191f9b49667cd08618d87.bin.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 2243⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken