Analysis
-
max time kernel
91s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
20/12/2022, 15:21
General
-
Target
KRNLWRD/injector.dll
-
Size
1.2MB
-
MD5
a1b9c6fdb702f4456a385ee93a1a77eb
-
SHA1
283b10148e08fa8bd6d8ec47f8e62c556fb768cc
-
SHA256
4cd782cfc5344a942f3f0a61c021122ded48b5e175de76f393419901708c04d4
-
SHA512
447ed5b2656fdb225c799270421b9e3459ac44ae7be06a84bd6c67c2304b8076eb562e3d191e8a43190338fa4e67a8b3cf7afd3eb788c707497cb090b98af0ca
-
SSDEEP
24576:F4L8ZNLC0RaGGeeh9dWHjQyAToCF+i15b1lpJyIOYCdcb65Jhz+:Fxf89ajQyAToCF+iVJyIHocb65Hz+
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\KRNLWRD\injector.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\KRNLWRD\injector.dll,#12⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 6283⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3920 -ip 39201⤵