Analysis
Max time kernel: 135s
Max time network: 140s
Platform: windows7_x64
Resource: win7-en-20211208
Submitted: 10-02-2022 03:17
Static task: static1
Behavioral task: behavioral1
  Sample: 24187dd5b4f24a5e3ec8b9e69588f59f2883b839de6fd6ae282644b408a7d453.dll
  Resource: win7-en-20211208 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: 24187dd5b4f24a5e3ec8b9e69588f59f2883b839de6fd6ae282644b408a7d453.dll
  Resource: win10v2004-en-20220113 (windows10-2004_x64)
  0 signatures, 0 seconds
General
Target: 24187dd5b4f24a5e3ec8b9e69588f59f2883b839de6fd6ae282644b408a7d453.dll
Size: 209KB
MD5: 3f535607cca76b56fc9beb31be3088fb
SHA1: 215c81780a68d5b7e5fb1ff000bc138b9c2f24bb
SHA256: 24187dd5b4f24a5e3ec8b9e69588f59f2883b839de6fd6ae282644b408a7d453
SHA512: f60ef14a1c4356b50f8211abc4723aa49ef06033ce5f244c210b45825d7e2b902661b9746d607a3626a548db947c23bee247eda6e8db2d95ce8e6d5445b6fa3d
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
Processes:
  pid  process       pid_target  target process
  668  WerFault.exe  776         rundll32.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes:
  pid  process
  668  WerFault.exe
  668  WerFault.exe
  668  WerFault.exe
  668  WerFault.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes:
  pid  process
  668  WerFault.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
  description              pid  process
  Token: SeDebugPrivilege  668  WerFault.exe

Suspicious use of WriteProcessMemory (11 IoCs)
Processes:
  description                     pid  process       target process
  PID 820 wrote to memory of 776  820  rundll32.exe  rundll32.exe
  PID 820 wrote to memory of 776  820  rundll32.exe  rundll32.exe
  PID 820 wrote to memory of 776  820  rundll32.exe  rundll32.exe
  PID 820 wrote to memory of 776  820  rundll32.exe  rundll32.exe
  PID 820 wrote to memory of 776  820  rundll32.exe  rundll32.exe
  PID 820 wrote to memory of 776  820  rundll32.exe  rundll32.exe
  PID 820 wrote to memory of 776  820  rundll32.exe  rundll32.exe
  PID 776 wrote to memory of 668  776  rundll32.exe  WerFault.exe
  PID 776 wrote to memory of 668  776  rundll32.exe  WerFault.exe
  PID 776 wrote to memory of 668  776  rundll32.exe  WerFault.exe
  PID 776 wrote to memory of 668  776  rundll32.exe  WerFault.exe
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\24187dd5b4f24a5e3ec8b9e69588f59f2883b839de6fd6ae282644b408a7d453.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\24187dd5b4f24a5e3ec8b9e69588f59f2883b839de6fd6ae282644b408a7d453.dll,#1
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 232
      - Program crash
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of AdjustPrivilegeToken