Analysis
- max time kernel: 154s
- max time network: 151s
- platform: windows7_x64
- resource: win7v20210408
- submitted: 26-09-2021 16:25
Static task
- static1
Behavioral task
- behavioral1
- Sample: jna4751840382602025308.dll
- Resource: win7v20210408
- 0 signatures
- 0 seconds
Behavioral task
- behavioral2
- Sample: jna4751840382602025308.dll
- Resource: win10-en-20210920
- 0 signatures
- 0 seconds
General
- Target: jna4751840382602025308.dll
- Size: 203KB
- MD5: 28d895a3cb7e9a0b6a5ae5ed6a62b254
- SHA1: 703d8604a8d04d29c52c0ebcde1e86f3bc8ff824
- SHA256: 04c9a8ab43d1eb616b84d0686c8ae1d881ef03fe4f3aa26511e5b19d35ef16af
- SHA512: c917334ba893313f6062143a25187a313a973b41696c8e446d4d90f7483963f5134cafe65c86b212815981a9af27b1ada7feb2c9194a3b234c5817fb54d4e531
- Score: 3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes (pid, pid_target, process, target process):
  1584  1820  WerFault.exe  rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes (pid, process):
  1584  WerFault.exe
  1584  WerFault.exe
  1584  WerFault.exe
  1584  WerFault.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes (pid, process):
  1584  WerFault.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes (description, pid, process):
  Token: SeDebugPrivilege  1584  WerFault.exe
Suspicious use of WriteProcessMemory 11 IoCs
Processes (description, pid, process, target process):
  PID 1828 wrote to memory of 1820  1828  rundll32.exe  rundll32.exe
  PID 1828 wrote to memory of 1820  1828  rundll32.exe  rundll32.exe
  PID 1828 wrote to memory of 1820  1828  rundll32.exe  rundll32.exe
  PID 1828 wrote to memory of 1820  1828  rundll32.exe  rundll32.exe
  PID 1828 wrote to memory of 1820  1828  rundll32.exe  rundll32.exe
  PID 1828 wrote to memory of 1820  1828  rundll32.exe  rundll32.exe
  PID 1828 wrote to memory of 1820  1828  rundll32.exe  rundll32.exe
  PID 1820 wrote to memory of 1584  1820  rundll32.exe  WerFault.exe
  PID 1820 wrote to memory of 1584  1820  rundll32.exe  WerFault.exe
  PID 1820 wrote to memory of 1584  1820  rundll32.exe  WerFault.exe
  PID 1820 wrote to memory of 1584  1820  rundll32.exe  WerFault.exe
Processes (image path, then command line; indentation shows parent/child, [n] is the tree index)
-
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\jna4751840382602025308.dll,#1  [1]
  - Suspicious use of WriteProcessMemory
  -
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\jna4751840382602025308.dll,#1  [2]
    - Suspicious use of WriteProcessMemory
    -
    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 224  [3]
      - Program crash
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of AdjustPrivilegeToken