Analysis
- max time kernel: 122s
- max time network: 122s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 01-02-2022 00:49
Behavioral task: behavioral1
- Sample: 23251d989078d7d69c6cfe6de3c9f2102d5810266fc483e11e0c71ab000000ec.dll
- Resource: win7-en-20211208
- Platform: windows7_x64
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: 23251d989078d7d69c6cfe6de3c9f2102d5810266fc483e11e0c71ab000000ec.dll
- Resource: win10v2004-en-20220113
- Platform: windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: 23251d989078d7d69c6cfe6de3c9f2102d5810266fc483e11e0c71ab000000ec.dll
- Size: 222KB
- MD5: 4cc0ab0723d94bf572c33ac7af89edba
- SHA1: 657f84c00323f99128856df23ea593d13addfbd5
- SHA256: 23251d989078d7d69c6cfe6de3c9f2102d5810266fc483e11e0c71ab000000ec
- SHA512: 8fdb7055e2098fc7ae814921d7128c215bf803a0ec1beb51b4d8ce6982a14aacf405cd3d3ff206a9a9834686eea147ad5251f4adcee065cdb9b9808d76570be2
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes (pid / target pid / process / target process):
  1276 / 540 / WerFault.exe / rundll32.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes (pid / process):
  1276 / WerFault.exe
  1276 / WerFault.exe
  1276 / WerFault.exe
  1276 / WerFault.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Processes (pid / process):
  1276 / WerFault.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes (description / pid / process):
  Token: SeDebugPrivilege / 1276 / WerFault.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description / pid / process / target process):
  PID 540 wrote to memory of 1276 / 540 / rundll32.exe / WerFault.exe
  PID 540 wrote to memory of 1276 / 540 / rundll32.exe / WerFault.exe
  PID 540 wrote to memory of 1276 / 540 / rundll32.exe / WerFault.exe
Processes
- Level 1: C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\23251d989078d7d69c6cfe6de3c9f2102d5810266fc483e11e0c71ab000000ec.dll,#1
  - Suspicious use of WriteProcessMemory
  - Level 2: C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 540 -s 84
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken