Analysis
- max time kernel: 149s
- max time network: 152s
- platform: windows10_x64
- resource: win10-en-20210920
- submitted: 26-09-2021 16:25
Static task: static1
Behavioral task: behavioral1
- Sample: jna4751840382602025308.dll
- Resource: win7v20210408
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: jna4751840382602025308.dll
- Resource: win10-en-20210920
- 0 signatures
- 0 seconds
General
- Target: jna4751840382602025308.dll
- Size: 203KB
- MD5: 28d895a3cb7e9a0b6a5ae5ed6a62b254
- SHA1: 703d8604a8d04d29c52c0ebcde1e86f3bc8ff824
- SHA256: 04c9a8ab43d1eb616b84d0686c8ae1d881ef03fe4f3aa26511e5b19d35ef16af
- SHA512: c917334ba893313f6062143a25187a313a973b41696c8e446d4d90f7483963f5134cafe65c86b212815981a9af27b1ada7feb2c9194a3b234c5817fb54d4e531
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes:
    pid   process       pid_target  target process
    2632  WerFault.exe  2180        rundll32.exe
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  Processes:
    pid   process
    2632  WerFault.exe  (same entry repeated 13 times)
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes:
    description                 pid   process
    Token: SeRestorePrivilege   2632  WerFault.exe
    Token: SeBackupPrivilege    2632  WerFault.exe
    Token: SeDebugPrivilege     2632  WerFault.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                         pid   process       target process
    PID 2116 wrote to memory of 2180    2116  rundll32.exe  rundll32.exe  (same entry repeated 3 times)
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\jna4751840382602025308.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\jna4751840382602025308.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 624
      - Program crash
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- memory/2180-115-0x0000000000000000-mapping.dmp