Analysis
max time kernel: 117s
max time network: 128s
platform: windows7_x64
resource: win7-en-20211208
submitted: 25-01-2022 10:03
Static task
  static1
Behavioral task behavioral1
  sample: locale_772.dll
  resource: win7-en-20211208 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task behavioral2
  sample: locale_772.dll
  resource: win10-en-20211208 (windows10_x64)
  0 signatures, 0 seconds
General
Target: locale_772.dll
Size: 301KB
MD5: 69e1fa92dc8430cb1cacb6c2060cff26
SHA1: 22fa67584a986738ee77d204aa7290f2a6a6cdfb
SHA256: c5b9eab2b92b03206b6d46e9d5b478e5e0cbf9917a5c3b17eafbcf90f987f454
SHA512: 8f3463e172b6b9c1da705a07326de906c29c0d549f12911fd63ba15b1f42c23fcd8cf0be0ec9834bf8331e5fcf721406c950b49b68fcae790b4f042e309b4031
Score
3/10. Every signature hit in this report is raised by, or aimed at, WerFault.exe (pid 1720), the Windows Error Reporting handler that ran after the rundll32.exe host (pid 1536) crashed while calling the DLL's export #1; the process enumeration, SeDebugPrivilege and GetForegroundWindow activity is WerFault collecting the crash report, and the WriteProcessMemory hit is the host writing into that child. None of the listed behaviour comes from the sample's own code executing. A crash at rundll32's default entry point is not evidence that the DLL is benign: it may expect a different export, arguments, or a specific host process, so check its export table and re-detonate with the entry the real loader uses before accepting this score.
Malware Config
Signatures
- Program crash (1 IoC)
  pid   pid_target  process       target process
  1720  1536        WerFault.exe  rundll32.exe
- Suspicious behavior: EnumeratesProcesses (5 IoCs)
  pid   process
  1720  WerFault.exe (reported 5 times)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   process
  1720  WerFault.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description              pid   process
  Token: SeDebugPrivilege  1720  WerFault.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   process       target process
  PID 1536 wrote to memory of 1720  1536  rundll32.exe  WerFault.exe (reported 3 times)
Processes
- C:\Windows\system32\rundll32.exe (pid 1536, depth 1)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\locale_772.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe (pid 1720, depth 2, child of rundll32.exe)
    C:\Windows\system32\WerFault.exe -u -p 1536 -s 156
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
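The check a reviewer wants to run on a report like this one is whether the signature hits describe the sample or only the crash handler. The script below is an added example, not part of the Triage report or of Triage's tooling: it takes the process tree and signature table transcribed from the report above as plain Python dicts (an assumed representation, not Triage's export format), recovers the crashed host from WerFault's -p argument, pairs it with the rundll32 command line that loaded the DLL, and sorts each hit into crash-handler noise, the host-to-WerFault handoff, or genuine sample activity.

```python
"""Separate crash-handler noise from sample behaviour in a sandbox report.

Added example (not Triage code). PROCESSES and SIGNATURE_HITS are transcribed
from the report above; the dict layout is an assumption for this script.
"""
import re
from collections import defaultdict

# Process tree from the report: pid -> image, full command line, parent pid.
PROCESSES = {
    1536: {"image": "rundll32.exe",
           "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\locale_772.dll,#1",
           "parent": None},
    1720: {"image": "WerFault.exe",
           "cmdline": r"C:\Windows\system32\WerFault.exe -u -p 1536 -s 156",
           "parent": 1536},
}

# Signature hits from the report: (name, source pid, target pid or None).
SIGNATURE_HITS = [
    ("Program crash", 1720, None),
    ("Suspicious behavior: EnumeratesProcesses", 1720, None),
    ("Suspicious behavior: GetForegroundWindowSpam", 1720, None),
    ("Suspicious use of AdjustPrivilegeToken", 1720, None),
    ("Suspicious use of WriteProcessMemory", 1536, 1720),
]

WERFAULT_PID_RE = re.compile(r"(?:^|\s)-p\s+(\d+)\b")
RUNDLL32_RE = re.compile(r"rundll32\.exe\s+(?P<dll>.+?),(?P<entry>#?\w+)\s*$",
                         re.IGNORECASE)


def crashed_pid(werfault_cmdline):
    """Return the pid WerFault was asked to report on (-p <pid>), or None."""
    m = WERFAULT_PID_RE.search(werfault_cmdline)
    return int(m.group(1)) if m else None


def rundll32_target(cmdline):
    """Return (dll_path, entry) from a rundll32 command line, or None."""
    m = RUNDLL32_RE.search(cmdline)
    return (m.group("dll"), m.group("entry")) if m else None


def crash_on_load_events(processes):
    """Find WerFault instances whose -p target is a rundll32 host of a DLL.

    Each event records the WerFault pid, the crashed host pid, and the DLL
    and entry point the host was invoked with.
    """
    events = []
    for pid, proc in processes.items():
        if proc["image"].lower() != "werfault.exe":
            continue
        host_pid = crashed_pid(proc["cmdline"])
        host = processes.get(host_pid)
        loaded = rundll32_target(host["cmdline"]) if host else None
        if loaded:
            events.append({"werfault": pid, "host": host_pid,
                           "dll": loaded[0], "entry": loaded[1]})
    return events


def attribute_hits(hits, processes):
    """Group hit names by origin: crash_handler (raised by WerFault itself),
    crash_handoff (another process acting on WerFault), or sample_host."""
    werfault_pids = {pid for pid, p in processes.items()
                     if p["image"].lower() == "werfault.exe"}
    by_origin = defaultdict(list)
    for name, pid, target in hits:
        if pid in werfault_pids:
            origin = "crash_handler"
        elif target in werfault_pids:
            origin = "crash_handoff"
        else:
            origin = "sample_host"
        by_origin[origin].append(name)
    return dict(by_origin)


def residual_sample_hits(hits, processes):
    """Hits left once crash-handler activity is discounted; empty here."""
    return attribute_hits(hits, processes).get("sample_host", [])


if __name__ == "__main__":
    for ev in crash_on_load_events(PROCESSES):
        print(f"host {ev['host']} crashed calling {ev['entry']} of {ev['dll']};"
              f" WerFault pid {ev['werfault']}")
    for origin, names in attribute_hits(SIGNATURE_HITS, PROCESSES).items():
        print(f"{origin}: {', '.join(names)}")
    print("residual sample hits:", residual_sample_hits(SIGNATURE_HITS, PROCESSES))
```

Run against this report the residual list is empty, which is the point: the 3/10 score is supported only by the crash handler's own activity, so the next step is to inspect the DLL's exports and rerun with the entry the real loader uses rather than treat the run as a clean result.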