d45f541b13139346d518b1ab79a5f70dda19ab6359327d7b76ab91a459813754 | Triage

Analysis

max time kernel
320s
max time network
381s
platform
windows10_x64
resource
win10v20210408
submitted
18-08-2021 18:23

Sharing

Report Analysis Logs

General

Target

runtimes/win-x64/lib/netcoreapp3.0/CefSharp.BrowserSubprocess.Core.dll
Size

1.2MB
MD5

0695056020eb63f62877493e58cb34a4
SHA1

9c8135dc406cd42f2ceebec947c8113238e4fc78
SHA256

cd125611cdb5f3a74ee952951a692ee598daa5a7491e87676a4f68930117bb2a
SHA512

6a74c029cb1f9b96780d207710b00c9430c629174e08c462c5d8db4ae766946dcb464c7b0ec00cf9db947a873f9c8c5338ed02342ce053397cb533c5808dd236

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2804 572 WerFault.exe rundll32.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

WerFault.exe

pid	process
2804	WerFault.exe
2804	WerFault.exe
2804	WerFault.exe
2804	WerFault.exe
2804	WerFault.exe
2804	WerFault.exe
2804	WerFault.exe
2804	WerFault.exe
2804	WerFault.exe
2804	WerFault.exe
2804	WerFault.exe
2804	WerFault.exe
2804	WerFault.exe
2804	WerFault.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

WerFault.exe

description pid process

Token: SeDebugPrivilege 2804 WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\runtimes\win-x64\lib\netcoreapp3.0\CefSharp.BrowserSubprocess.Core.dll,#1
1⤵
PID:572

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 572 -s 1112
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/572-117-0x0000025F41910000-0x0000025F41911000-memory.dmp

Filesize
4KB

Download
memory/572-118-0x0000025F28DB0000-0x0000025F28DCE000-memory.dmp

Filesize
120KB

Download