Analysis
-
max time kernel
11s -
max time network
112s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
27-07-2021 15:41
Static task
static1
Behavioral task
behavioral1
Sample
compsBr.jpg.dll
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
compsBr.jpg.dll
Resource
win10v20210410
windows10_x64
0 signatures
0 seconds
General
-
Target
compsBr.jpg.dll
-
Size
490KB
-
MD5
67d7982f23537172833949505e2fc091
-
SHA1
0c1a40b42037d728c402eb4ea2c97a6837041dd3
-
SHA256
49e76568aab61959380480cc594d346207c88911d340fd17cf20a0405a42aded
-
SHA512
0990e6aa42f28f3b228a94d645ee5776d5126cb6d7bdd498e585e84c180567eac8c1817947caea3a5660464bd1d2efd7172cc0a72da72d00b148649ddde68d93
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2472 188 WerFault.exe regsvr32.exe -
Suspicious behavior: EnumeratesProcesses 15 IoCs
Processes:
WerFault.exepid process 2472 WerFault.exe 2472 WerFault.exe 2472 WerFault.exe 2472 WerFault.exe 2472 WerFault.exe 2472 WerFault.exe 2472 WerFault.exe 2472 WerFault.exe 2472 WerFault.exe 2472 WerFault.exe 2472 WerFault.exe 2472 WerFault.exe 2472 WerFault.exe 2472 WerFault.exe 2472 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
WerFault.exedescription pid process Token: SeRestorePrivilege 2472 WerFault.exe Token: SeBackupPrivilege 2472 WerFault.exe Token: SeDebugPrivilege 2472 WerFault.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
regsvr32.exedescription pid process target process PID 3908 wrote to memory of 188 3908 regsvr32.exe regsvr32.exe PID 3908 wrote to memory of 188 3908 regsvr32.exe regsvr32.exe PID 3908 wrote to memory of 188 3908 regsvr32.exe regsvr32.exe
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\compsBr.jpg.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\compsBr.jpg.dll2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 188 -s 6083⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken