bffe313600b5b3ed8962533c200d0c054f3e0e9db072e16472865f5319c8fae0 | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows10_x64
resource
win10-en-20211208
submitted
27-12-2021 08:51

Sharing

Report Analysis Logs

General

Target

download.dat.dll
Size

205KB
MD5

f1b9ce32bd51a386ad01b3c21562598a
SHA1

c51d70e9c65c0efac222bba50995df8392d8d79d
SHA256

bffe313600b5b3ed8962533c200d0c054f3e0e9db072e16472865f5319c8fae0
SHA512

62b3069c3a5991a11ae7834439c7ee77ecfa947cdc3a457bbfa313c338069319dce184855143f702fc6fa0a5b266bd31bf4a8910630838418261899a33868ffc

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2020 2620 WerFault.exe rundll32.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

WerFault.exe

pid	process
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

WerFault.exe

description pid process

Token: SeRestorePrivilege 2020 WerFault.exe
Token: SeBackupPrivilege 2020 WerFault.exe
Token: SeDebugPrivilege 2020 WerFault.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2512 wrote to memory of 2620	2512	rundll32.exe	rundll32.exe
PID 2512 wrote to memory of 2620	2512	rundll32.exe	rundll32.exe
PID 2512 wrote to memory of 2620	2512	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\download.dat.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2512

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\download.dat.dll,#1
2⤵
PID:2620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 636
3⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2620-115-0x0000000000000000-mapping.dmp

Download