Analysis
- max time kernel: 15s
- max time network: 15s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 08-01-2022 12:24
Static task
- static1

Behavioral task: behavioral1
- Sample: jcef_helper.exe
- Resource: win7-en-20211208 (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: jcef_helper.exe
- Resource: win10-en-20211208 (windows10_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral3
- Sample: libcef.dll
- Resource: win7-en-20211208 (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral4
- Sample: libcef.dll
- Resource: win10-en-20211208 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: libcef.dll
- Size: 1.5MB
- MD5: 9d78d3951d228f3c0a343e4754b80abc
- SHA1: 53fbc461990975c05e368807496343176976949f
- SHA256: e91bece5ca4dd53ddcf926b4d132905124d214457f86e0ed4dd01d904907cef4
- SHA512: 2d510b3d39ef66bf18bd9c44688a738eca18ae11c13fa65c4988e98da3b11337fd568b1169db36cb4aaa19440a1a110c63e0387c3efc19c0118fabef33addff2
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes: pid 1460 WerFault.exe, target pid 944 rundll32.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes: pid 1460 WerFault.exe (4 occurrences)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes: Token: SeDebugPrivilege, pid 1460 WerFault.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: PID 944 rundll32.exe wrote to memory of PID 1460 WerFault.exe (3 occurrences)
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\libcef.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 944 -s 84
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
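Every signature in this report is raised by WerFault.exe (pid 1460), the Windows Error Reporting handler that rundll32.exe (pid 944) spawned when the DLL crashed, or by rundll32.exe writing into that handler's memory at process creation. The helper below is an added example, not code from the sandbox or from the CEF project: it transcribes the report's process table and IoCs as constructed records, checks whether the WerFault.exe on each event is the handler for its own parent (its `-p` argument names the parent pid), and labels such events as crash-handler noise so the analyst's attention goes to what is actually worth a look here, namely rundll32.exe loading a DLL from `AppData\Local\Temp` through ordinal export `#1`. The field names, the `USER_WRITABLE` path list and the labels are assumptions of this example; a "noise" label means the event is explained by WER, not that the DLL is benign.

```python
"""Triage helper for sandbox IoCs that trace back to a WerFault.exe crash handler.

Added example; the records below are constructed from the report, field names
and labels are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Process:
    pid: int
    image: str
    cmdline: str
    parent_pid: Optional[int] = None


@dataclass(frozen=True)
class Event:
    signature: str
    actor_pid: int                  # process that performed the action
    target_pid: Optional[int] = None
    detail: str = ""


# Process table transcribed from the report. The parent of rundll32.exe is not
# shown on the page, so it stays None.
PROCESSES: Dict[int, Process] = {
    944: Process(944, "rundll32.exe",
                 r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\libcef.dll,#1"),
    1460: Process(1460, "WerFault.exe",
                  r"C:\Windows\system32\WerFault.exe -u -p 944 -s 84", parent_pid=944),
}

# The four signatures and their IoC counts, as listed in the report.
EVENTS: List[Event] = [
    Event("Program crash", 1460, 944),
    *[Event("Suspicious behavior: EnumeratesProcesses", 1460) for _ in range(4)],
    Event("Suspicious use of AdjustPrivilegeToken", 1460, detail="SeDebugPrivilege"),
    *[Event("Suspicious use of WriteProcessMemory", 944, 1460) for _ in range(3)],
]

WERFAULT_ARGS = re.compile(r"WerFault\.exe\s+-u\s+-p\s+(\d+)\s+-s\s+(\d+)", re.IGNORECASE)
RUNDLL32_ARGS = re.compile(r"rundll32\.exe\s+(?P<dll>[^,]+\.dll),(?P<entry>\S+)", re.IGNORECASE)
# Assumed list of directories an unprivileged user can write to.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\programdata\\")


def werfault_handled_pid(proc: Process) -> Optional[int]:
    """PID named by WerFault.exe's -p switch, or None if proc is not WerFault."""
    if proc.image.lower() != "werfault.exe":
        return None
    m = WERFAULT_ARGS.search(proc.cmdline)
    return int(m.group(1)) if m else None


def is_crash_handler(pid: int, table: Dict[int, Process]) -> bool:
    """True when pid is a WerFault.exe whose -p target is also its parent,
    i.e. the handler Windows spawned for that parent's own crash."""
    proc = table.get(pid)
    if proc is None:
        return False
    handled = werfault_handled_pid(proc)
    return handled is not None and handled == proc.parent_pid


def classify(event: Event, table: Dict[int, Process]) -> str:
    """'crash-handler noise' when one side of the event is the WER handler for
    the other side (or the handler acting alone); otherwise 'needs review'."""
    actor, target = event.actor_pid, event.target_pid
    if is_crash_handler(actor, table) and (target is None or target == table[actor].parent_pid):
        return "crash-handler noise"
    if target is not None and is_crash_handler(target, table) and table[target].parent_pid == actor:
        return "crash-handler noise"
    return "needs review"


def triage(events: List[Event], table: Dict[int, Process]) -> Dict[str, str]:
    """Worst label per signature: noise only if every event of it is explained."""
    result: Dict[str, str] = {}
    for ev in events:
        if result.get(ev.signature) != "needs review":
            result[ev.signature] = classify(ev, table)
    return result


def untrusted_dll_load(proc: Process) -> Optional[Tuple[str, str]]:
    """(dll path, entry) when rundll32.exe loads a DLL from a user-writable dir."""
    m = RUNDLL32_ARGS.search(proc.cmdline)
    if not m:
        return None
    dll, entry = m.group("dll").strip(), m.group("entry")
    if any(marker in dll.lower() for marker in USER_WRITABLE):
        return dll, entry
    return None


if __name__ == "__main__":
    for sig, label in triage(EVENTS, PROCESSES).items():
        print(f"{label:20s} {sig}")
    print("rundll32 DLL load worth a look:", untrusted_dll_load(PROCESSES[944]))
```

The parent-pid check matters: a WerFault.exe whose `-p` names some unrelated process, or a `WriteProcessMemory` from rundll32.exe into anything that is not its own crash handler, falls through to "needs review", which is the case a real injection would produce.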