Analysis

max time kernel: 119s
max time network: 119s
platform: windows7_x64
resource: win7-en-20211208
submitted: 01-02-2022 12:38
Static task: static1

Behavioral task: behavioral1
Sample: 99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1.dll
Resource: win7-en-20211208 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: 99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1.dll
Resource: win10v2004-en-20220113 (windows10-2004_x64)
0 signatures, 0 seconds
General

Target: 99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1.dll
Size: 33KB
MD5: 1aeecb2827babb42468d8257aa6afdeb
SHA1: 653f6938e5521cf70596fc4a3f1d8c8eef21959a
SHA256: 99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1
SHA512: 846874d5488fe6aebe39f7c84cdf43bb3af418835bf3bc87a0a799c108d4966121a46a5e8f5d17bd98e5fb376d09169de48e7ea1129dd1b3df72b4508dff9f4c
Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
pid    pid_target   process        target process
1044   316          WerFault.exe   rundll32.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid    process
1044   WerFault.exe   (4 identical rows)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid    process
1044   WerFault.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
description               pid    process
Token: SeDebugPrivilege   1044   WerFault.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                         pid   process        target process
PID 316 wrote to memory of 1044     316   rundll32.exe   WerFault.exe   (3 identical rows)

Note: every signature above is attributed to WerFault.exe (PID 1044) or to rundll32.exe spawning it. WerFault.exe was launched with -p 316, i.e. as the crash handler for the rundll32.exe process that loaded the DLL, so the process enumeration, the SeDebugPrivilege token adjustment and the parent's writes into WerFault.exe memory are the Windows Error Reporting handoff for a crashed host process, not behaviour of the sample itself. The only observed sample behaviour is that invoking export #1 under rundll32.exe crashed the host.
Processes

1. C:\Windows\system32\rundll32.exe (PID 316)
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1.dll,#1
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\system32\WerFault.exe (PID 1044, child of 316)
      command line: C:\Windows\system32\WerFault.exe -u -p 316 -s 168
      - Program crash
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of AdjustPrivilegeToken
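The process tree above is the whole story of this run: rundll32.exe loaded the DLL from %TEMP% by ordinal, crashed, and spawned WerFault.exe for its own PID. The following is an added triage script, not part of the sandbox report or its tooling, that reproduces that reading programmatically: it parses rundll32-style command lines for the DLL path and export, extracts the crashed PID from WerFault's -p switch, and separates a normal crash-reporting handoff (WerFault whose -p target is its own parent) from a WerFault child that names some other process. The record layout, the field names and the sample records are this example's own constructions, modelled on the PIDs and command lines shown in the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Proc:
    """One process-creation record (layout assumed for this example)."""
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


# Constructed records modelled on the report's process tree.
SAMPLE: List[Proc] = [
    Proc(316, None, r"C:\Windows\system32\rundll32.exe",
         r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1.dll,#1"),
    Proc(1044, 316, r"C:\Windows\system32\WerFault.exe",
         r"C:\Windows\system32\WerFault.exe -u -p 316 -s 168"),
]

# rundll32[.exe] <dll>,<export>  where export may be a name or an ordinal (#N)
RUNDLL_RE = re.compile(
    r"""rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>#?\w+)""",
    re.IGNORECASE,
)
# WerFault.exe ... -p <pid>  names the process being reported on
WERFAULT_PID_RE = re.compile(r"\bwerfault\.exe\b.*?\s-p\s+(?P<pid>\d+)", re.IGNORECASE)


def rundll32_load(cmdline: str) -> Optional[dict]:
    """Return the DLL path and export a rundll32 command line loads, or None."""
    m = RUNDLL_RE.search(cmdline)
    if not m:
        return None
    dll, export = m.group("dll"), m.group("export")
    return {
        "dll": dll,
        "export": export,
        "ordinal": export.startswith("#"),
        "from_temp": "\\appdata\\local\\temp\\" in dll.lower(),
    }


def werfault_target(cmdline: str) -> Optional[int]:
    """PID named by WerFault's -p switch, i.e. the process that crashed."""
    m = WERFAULT_PID_RE.search(cmdline)
    return int(m.group("pid")) if m else None


def triage(procs: List[Proc]) -> Dict[str, list]:
    """Classify the tree: ordinal loads from %TEMP%, self-reported crashes, oddities."""
    findings: Dict[str, list] = {
        "temp_ordinal_loads": [],   # (pid, dll, export)
        "crash_reports": [],        # (crashed pid, WerFault pid)
        "unexplained_children": [], # WerFault naming a PID other than its parent
    }
    for p in procs:
        load = rundll32_load(p.cmdline)
        if load and load["from_temp"] and load["ordinal"]:
            findings["temp_ordinal_loads"].append((p.pid, load["dll"], load["export"]))
        target = werfault_target(p.cmdline)
        if target is not None:
            # WerFault spawned by the crashing process for its own PID is the
            # standard WER handoff; the parent writing into the new child's
            # memory is part of creating it, not injection into a victim.
            if target == p.ppid:
                findings["crash_reports"].append((p.ppid, p.pid))
            else:
                findings["unexplained_children"].append((p.ppid, p.pid))
    return findings


if __name__ == "__main__":
    for key, rows in triage(SAMPLE).items():
        print(f"{key}: {rows}")
```

Run against the constructed records the script reports one ordinal load from %TEMP% by PID 316 and one crash report pairing PID 316 with WerFault PID 1044, with nothing unexplained; a WerFault child whose -p target was not its parent would land in the last bucket and deserve a closer look.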