Analysis

  max time kernel:   116s
  max time network:  119s
  platform:          windows10_x64
  resource:          win10-en-20210920
  submitted:         21-09-2021 11:19
Static task: static1

Behavioral task: behavioral1
  Sample:    test.test.dll
  Resource:  win7v20210408 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample:    test.test.dll
  Resource:  win10-en-20210920 (windows10_x64)
  0 signatures, 0 seconds
General

  Target:  test.test.dll
  Size:    439KB
  MD5:     22aef4558853a72dd07ff9513a6b9dbf
  SHA1:    52a914b43dfa44910ab649be77a57db631d038ee
  SHA256:  64c044cb3ec26babdd17107b2aa6ded60b22473c4e2943e1fcc03df8bc2e0edb
  SHA512:  550f72f4d6186869893b2dc6536b3ce9bcb7843b0db726a1d9fb118291b1e96d642dfb57369b85ff58c41b38d6c40f6853d1da752f589aa419cb1f4d35381be4
  Score:   3/10
Malware Config
Signatures

Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  2736  3212        WerFault.exe  70

Suspicious behavior: EnumeratesProcesses (14 IoCs)
  pid   Process
  2736  WerFault.exe   (14 identical rows)

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                pid   Process
  Token: SeRestorePrivilege  2736  WerFault.exe
  Token: SeBackupPrivilege   2736  WerFault.exe
  Token: SeDebugPrivilege    2736  WerFault.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process       procid_target
  PID 2176 wrote to memory of 3212  2176  rundll32.exe  70   (3 identical rows)
Processes

  C:\Windows\system32\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\test.test.dll,#1
    PID: 2176
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\test.test.dll,#1
      PID: 3212

      C:\Windows\SysWOW64\WerFault.exe
        command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 688
        PID: 2736
        - Program crash
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of AdjustPrivilegeToken
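The three signatures above all hang off the same chain: the 64-bit rundll32.exe (PID 2176) writes into a SysWOW64 rundll32.exe child (PID 3212) that carries the identical command line, and WerFault.exe (PID 2736) is started with `-p 3212` and enables SeDebugPrivilege, SeBackupPrivilege and SeRestorePrivilege. Read together, that is the footprint of a 64-bit rundll32 re-executing its 32-bit counterpart (the usual cause being that the requested DLL is 32-bit; the report does not state the DLL's bitness, so that is an assumption here), followed by Windows Error Reporting collecting a crash of that child after export ordinal #1 was called. The script below is an added triage example, not part of the report or of the sandbox's tooling: it rebuilds the process tree from the records transcribed from this page, decides whether each WriteProcessMemory IoC is the parent writing into its own freshly created WoW64 relaunch (expected) or a write into some other process (worth a look), and ties the WerFault `-p` argument back to the crashed rundll32 and the export it was asked to call. The record layout, field names and helper names are my own.

```python
"""Triage the WriteProcessMemory and WerFault IoCs of a sandbox report.

Added example; not code from the report or the sandbox. The process
records are transcribed from the report's Processes section above; the
dataclass and function names are assumptions made for this example.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Proc:
    pid: int
    image: str                  # full image path as shown in the report
    cmdline: str
    parent: Optional[int] = None


# Transcribed from the report's process tree (PIDs and command lines as shown).
PROCS = [
    Proc(2176, r"C:\Windows\system32\rundll32.exe",
         r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\test.test.dll,#1"),
    Proc(3212, r"C:\Windows\SysWOW64\rundll32.exe",
         r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\test.test.dll,#1",
         parent=2176),
    Proc(2736, r"C:\Windows\SysWOW64\WerFault.exe",
         r"C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 688", parent=3212),
]

# (writer_pid, target_pid) pairs from "Suspicious use of WriteProcessMemory".
WPM_EVENTS = [(2176, 3212)] * 3


def rundll32_entry(cmdline):
    """Return (dll_path, export) from a rundll32 command line, or None.

    rundll32 takes '<dll>,<EntryPoint>'; an entry of '#N' means export
    ordinal N, which is returned as an int. Names are returned as str.
    """
    m = re.match(r"^\S*rundll32\.exe\s+(.+?),(\S+)\s*$", cmdline, re.IGNORECASE)
    if not m:
        return None
    dll, entry = m.group(1), m.group(2)
    if entry.startswith("#") and entry[1:].isdigit():
        return dll, int(entry[1:])
    return dll, entry


def is_wow64_relaunch(parent, child):
    """True when a system32 rundll32 spawned a SysWOW64 rundll32 with the
    same DLL and entry point. The parent writing into this child is the
    normal process-creation write, not injection into a foreign process."""
    return (parent.image.lower().endswith(r"\system32\rundll32.exe")
            and child.image.lower().endswith(r"\syswow64\rundll32.exe")
            and child.parent == parent.pid
            and rundll32_entry(parent.cmdline) is not None
            and rundll32_entry(parent.cmdline) == rundll32_entry(child.cmdline))


def werfault_target(cmdline):
    """Crashed PID from a WerFault.exe command line ('-p <pid>'), else None."""
    m = re.search(r"(?:^|\s)-p\s+(\d+)", cmdline)
    return int(m.group(1)) if m else None


def triage(procs, wpm_events):
    """Classify cross-process writes and link WerFault to its crashed process."""
    pm = {p.pid: p for p in procs}
    relaunch_writes, unexplained = 0, []
    for writer, target in wpm_events:
        w, t = pm.get(writer), pm.get(target)
        if w and t and is_wow64_relaunch(w, t):
            relaunch_writes += 1
        else:
            unexplained.append((writer, target))
    crashes = []
    for p in procs:
        if not p.image.lower().endswith(r"\werfault.exe"):
            continue
        victim = pm.get(werfault_target(p.cmdline))
        crashes.append({
            "reporter_pid": p.pid,
            "crashed_pid": victim.pid if victim else werfault_target(p.cmdline),
            "crashed_image": victim.image if victim else None,
            "rundll32_entry": rundll32_entry(victim.cmdline) if victim else None,
        })
    return {"wow64_relaunch_writes": relaunch_writes,
            "unexplained_writes": unexplained,
            "crashes": crashes}


if __name__ == "__main__":
    for k, v in triage(PROCS, WPM_EVENTS).items():
        print(f"{k}: {v}")
```

Run on the records from this report, every WriteProcessMemory IoC is accounted for by the WoW64 relaunch and the single crash resolves to PID 3212 calling ordinal #1 of test.test.dll, which matches the 3/10 score. A write from 2176 into any process other than its own relaunch child (for instance into WerFault, PID 2736) lands in `unexplained_writes`, which is the case that would deserve a closer look.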