99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1

Analysis

Target

99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1.dll
Size

33KB
MD5

1aeecb2827babb42468d8257aa6afdeb
SHA1

653f6938e5521cf70596fc4a3f1d8c8eef21959a
SHA256

99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1
SHA512

846874d5488fe6aebe39f7c84cdf43bb3af418835bf3bc87a0a799c108d4966121a46a5e8f5d17bd98e5fb376d09169de48e7ea1129dd1b3df72b4508dff9f4c

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1044	316	WerFault.exe	16

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1044	WerFault.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1044	WerFault.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 316 wrote to memory of 1044	316	rundll32.exe	27
PID 316 wrote to memory of 1044	316	rundll32.exe	27
PID 316 wrote to memory of 1044	316	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:316
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 316 -s 168
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:1044

memory/1044-54-0x000007FEFC441000-0x000007FEFC443000-memory.dmp

Filesize
8KB

Download
memory/1044-55-0x0000000001CA0000-0x0000000001CA1000-memory.dmp

Filesize
4KB

Download