Analysis
-
max time kernel
122s -
max time network
142s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
24-12-2021 11:10
Static task
static1
Behavioral task
behavioral1
Sample
394a8f52740bf387008548ca3e8e47b890e3a5c5f208f5fbde6fd57e5a25bdb1.bin.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
394a8f52740bf387008548ca3e8e47b890e3a5c5f208f5fbde6fd57e5a25bdb1.bin.dll
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
-
Target
394a8f52740bf387008548ca3e8e47b890e3a5c5f208f5fbde6fd57e5a25bdb1.bin.dll
-
Size
5KB
-
MD5
d56443c835e68547256b2b8ce64fcd73
-
SHA1
ca817b7459c98c25a5d845f8734d3227430520b3
-
SHA256
394a8f52740bf387008548ca3e8e47b890e3a5c5f208f5fbde6fd57e5a25bdb1
-
SHA512
aae457f9b572c985e0fdd2c5d47ff3b5dae05211e53e693f261abee6c5a3ef71a02521250b19f606099e3c4e4f07ac0c7440b9a118fa075de9cd0a06f970936d
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 1000 972 WerFault.exe 69 -
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid Process 1000 WerFault.exe 1000 WerFault.exe 1000 WerFault.exe 1000 WerFault.exe 1000 WerFault.exe 1000 WerFault.exe 1000 WerFault.exe 1000 WerFault.exe 1000 WerFault.exe 1000 WerFault.exe 1000 WerFault.exe 1000 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeRestorePrivilege 1000 WerFault.exe Token: SeBackupPrivilege 1000 WerFault.exe Token: SeDebugPrivilege 1000 WerFault.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3716 wrote to memory of 972 3716 rundll32.exe 69 PID 3716 wrote to memory of 972 3716 rundll32.exe 69 PID 3716 wrote to memory of 972 3716 rundll32.exe 69
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\394a8f52740bf387008548ca3e8e47b890e3a5c5f208f5fbde6fd57e5a25bdb1.bin.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3716 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\394a8f52740bf387008548ca3e8e47b890e3a5c5f208f5fbde6fd57e5a25bdb1.bin.dll,#12⤵PID:972
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 6163⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1000
-
-