Analysis
- max time kernel: 119s
- max time network: 122s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 14-01-2022 14:16
Static task: static1
Behavioral task: behavioral1
- Sample: 04c8d0-8sDqomArlxY5SzhKWD7x6QXAZjojt.dll
- Resource: win7-en-20211208
- Platform: windows7_x64
- 0 signatures
- 0 seconds
General
- Target: 04c8d0-8sDqomArlxY5SzhKWD7x6QXAZjojt.dll
- Size: 172KB
- MD5: ffd349bb84a19f1e9b9d6e68c63170cc
- SHA1: ed19130acf6c9f930522f9c0caed53dd0f2523c3
- SHA256: 04c8d0427fba79b1c0e640c473441ff6503657749b1709ee85f0912fb6ba3448
- SHA512: df7d731f45ecbdff19823a5c487d20cb78c97f400cd0895aaf52f9667b5fe3966a57a9928ab2a47667187e66b7cae3e39c36d06ad0c81f3a7a8007a335b2a078
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes (WerFault.exe):
  pid | pid_target | process      | target process
  952 | 1660       | WerFault.exe | rundll32.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes (WerFault.exe):
  pid | process
  952 | WerFault.exe
  952 | WerFault.exe
  952 | WerFault.exe
  952 | WerFault.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Processes (WerFault.exe):
  pid | process
  952 | WerFault.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes (WerFault.exe):
  description             | pid | process
  Token: SeDebugPrivilege | 952 | WerFault.exe
- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes (rundll32.exe, rundll32.exe):
  description                      | pid  | process      | target process
  PID 1576 wrote to memory of 1660 | 1576 | rundll32.exe | rundll32.exe
  PID 1576 wrote to memory of 1660 | 1576 | rundll32.exe | rundll32.exe
  PID 1576 wrote to memory of 1660 | 1576 | rundll32.exe | rundll32.exe
  PID 1576 wrote to memory of 1660 | 1576 | rundll32.exe | rundll32.exe
  PID 1576 wrote to memory of 1660 | 1576 | rundll32.exe | rundll32.exe
  PID 1576 wrote to memory of 1660 | 1576 | rundll32.exe | rundll32.exe
  PID 1576 wrote to memory of 1660 | 1576 | rundll32.exe | rundll32.exe
  PID 1660 wrote to memory of 952  | 1660 | rundll32.exe | WerFault.exe
  PID 1660 wrote to memory of 952  | 1660 | rundll32.exe | WerFault.exe
  PID 1660 wrote to memory of 952  | 1660 | rundll32.exe | WerFault.exe
  PID 1660 wrote to memory of 952  | 1660 | rundll32.exe | WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04c8d0-8sDqomArlxY5SzhKWD7x6QXAZjojt.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\04c8d0-8sDqomArlxY5SzhKWD7x6QXAZjojt.dll,#1
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 232
      - Program crash
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of AdjustPrivilegeToken