Analysis
max time kernel: 121s
max time network: 138s
platform: windows10_x64
resource: win10-en-20211208
submitted: 24-12-2021 11:10
Static task
static1
Behavioral task
behavioral1
Sample: 52f9acd1e6d64d9a47ce95b1feb0e8bb0c9f3d1f40ab1724927a4b01078da391.bin.dll
Resource: win7-en-20211208, windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample: 52f9acd1e6d64d9a47ce95b1feb0e8bb0c9f3d1f40ab1724927a4b01078da391.bin.dll
Resource: win10-en-20211208, windows10_x64
0 signatures
0 seconds
General
Target: 52f9acd1e6d64d9a47ce95b1feb0e8bb0c9f3d1f40ab1724927a4b01078da391.bin.dll
Size: 8KB
MD5: ae03c9f5a7cebd4cd4453bd5394321f1
SHA1: edc587321c84d0f72f982006b081aa418fba2c3b
SHA256: 52f9acd1e6d64d9a47ce95b1feb0e8bb0c9f3d1f40ab1724927a4b01078da391
SHA512: 4d8dafc1c1e6890c8cb692aa715fb71347c27a7f1399c1b13205e744e9d856a7969cebc1946f6e95b04e0060bd48c095608ff89dd60701c3155581feacde2490
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
pid  pid_target  Process       procid_target
768  2744        WerFault.exe  68
Suspicious behavior: EnumeratesProcesses (12 IoCs)
pid  Process
768  WerFault.exe  (same entry listed 12 times)
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description              pid  Process
Token: SeDebugPrivilege  768  WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\52f9acd1e6d64d9a47ce95b1feb0e8bb0c9f3d1f40ab1724927a4b01078da391.bin.dll,#1
PID: 2744
  C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2744 -s 276
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID: 768