15097d2f74343c844eddaf977e411939b5060d9be365ac28b34c2c3d489f0b41

Resubmissions

16-12-2021 09:50

14-12-2021 07:05

Target

15097d2f74343c844eddaf977e411939b5060d9be365ac28b34c2c3d489f0b41.dll
Size

522KB
MD5

84702bd6e798481f81066c1e0671ae03
SHA1

c53a1d8aa4495cb5acf07ddc069153fbecd37a91
SHA256

15097d2f74343c844eddaf977e411939b5060d9be365ac28b34c2c3d489f0b41
SHA512

802b350012e73bb3adbb59492d22db33cff7f67084975eb054f969908cab2826945a01f4086e08f88e176a1da2248b5c852d02d3f086c2a036ccddd286367fb4

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
508	1832	WerFault.exe	69

Suspicious behavior: EnumeratesProcesses 12 IoCs

Suspicious use of AdjustPrivilegeToken 3 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 1832	2736	rundll32.exe	69
PID 2736 wrote to memory of 1832	2736	rundll32.exe	69
PID 2736 wrote to memory of 1832	2736	rundll32.exe	69

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\15097d2f74343c844eddaf977e411939b5060d9be365ac28b34c2c3d489f0b41.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\15097d2f74343c844eddaf977e411939b5060d9be365ac28b34c2c3d489f0b41.dll,#1
  2⤵
  PID:1832
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 688
    3⤵
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:508

memory/1832-117-0x0000000005530000-0x000000000554E000-memory.dmp

Filesize
120KB

Download
memory/1832-116-0x0000000005530000-0x000000000554E000-memory.dmp

Filesize
120KB

Download
memory/1832-119-0x00000000054F0000-0x000000000550F000-memory.dmp

Filesize
124KB

Download
memory/1832-118-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1832-120-0x0000000005530000-0x000000000554E000-memory.dmp

Filesize
120KB

Download