64c044cb3ec26babdd17107b2aa6ded60b22473c4e2943e1fcc03df8bc2e0edb

Resubmissions

21-09-2021 15:24

21-09-2021 15:09

Target

22aef4558853a72dd07ff9513a6b9dbf.bin.dll
Size

439KB
MD5

22aef4558853a72dd07ff9513a6b9dbf
SHA1

52a914b43dfa44910ab649be77a57db631d038ee
SHA256

64c044cb3ec26babdd17107b2aa6ded60b22473c4e2943e1fcc03df8bc2e0edb
SHA512

550f72f4d6186869893b2dc6536b3ce9bcb7843b0db726a1d9fb118291b1e96d642dfb57369b85ff58c41b38d6c40f6853d1da752f589aa419cb1f4d35381be4

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3692	2664	WerFault.exe	70

Suspicious behavior: EnumeratesProcesses 14 IoCs

Suspicious use of AdjustPrivilegeToken 3 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2664	2548	rundll32.exe	70
PID 2548 wrote to memory of 2664	2548	rundll32.exe	70
PID 2548 wrote to memory of 2664	2548	rundll32.exe	70

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\22aef4558853a72dd07ff9513a6b9dbf.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\22aef4558853a72dd07ff9513a6b9dbf.bin.dll,#1
  2⤵
  PID:2664
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 696
    3⤵
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3692

memory/2664-116-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

Filesize
4KB

Download
memory/2664-118-0x0000000000F50000-0x000000000109A000-memory.dmp

Filesize
1.3MB

Download
memory/2664-117-0x0000000000F50000-0x000000000109A000-memory.dmp

Filesize
1.3MB

Download