024305e25bccea4a808a0b89dec763a96ae9a2780e98dab6886b6acfdb3ac187 | Triage

Analysis

max time kernel
9s
max time network
12s
platform
windows10_x64
resource
win10-en-20210920
submitted
19-10-2021 15:23

Sharing

Report Analysis Logs

General

Target

dbl_1.dll
Size

38KB
MD5

c593ed0e328ba1ada8f89c0259946b74
SHA1

5e5282aa871de1cd8e2232589e3ade821b16f1cf
SHA256

024305e25bccea4a808a0b89dec763a96ae9a2780e98dab6886b6acfdb3ac187
SHA512

d297664af1b3f6de15ee3de94e699e54405b0a03f93db77d023e3e7bfdd66acf75c8c4ca5c311a679116538a1f03c92023c65845e046693a28b7efb6e5544c7f

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3988 3684 WerFault.exe rundll32.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

WerFault.exe

pid	process
3988	WerFault.exe
3988	WerFault.exe
3988	WerFault.exe
3988	WerFault.exe
3988	WerFault.exe
3988	WerFault.exe
3988	WerFault.exe
3988	WerFault.exe
3988	WerFault.exe
3988	WerFault.exe
3988	WerFault.exe
3988	WerFault.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

WerFault.exe

description pid process

Token: SeDebugPrivilege 3988 WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dbl_1.dll,#1
1⤵
PID:3684
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3684 -s 464
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads