Analysis
-
max time kernel
120s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
06-03-2022 22:55
General
-
Target
0ba919e648d9ff676a60f464bbc4dda922bfabd3b9a082edc61d6bafdcaad076.exe
-
Size
594KB
-
MD5
0faf60f6b58a9280cd519653658a95a7
-
SHA1
5f24e4075ebc1e44747093a996e346e013004821
-
SHA256
0ba919e648d9ff676a60f464bbc4dda922bfabd3b9a082edc61d6bafdcaad076
-
SHA512
b1ee924b7a13819e8d0bbd36226093183bd9e5cb4d91021866d1f61aa69ada6174c19854ba30469e232c6e15e4f0f2ad040f315d47484a27c9dc97fbc337ead5
Score
5/10
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0ba919e648d9ff676a60f464bbc4dda922bfabd3b9a082edc61d6bafdcaad076.exe"C:\Users\Admin\AppData\Local\Temp\0ba919e648d9ff676a60f464bbc4dda922bfabd3b9a082edc61d6bafdcaad076.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\0ba919e648d9ff676a60f464bbc4dda922bfabd3b9a082edc61d6bafdcaad076.exe"C:\Users\Admin\AppData\Local\Temp\0ba919e648d9ff676a60f464bbc4dda922bfabd3b9a082edc61d6bafdcaad076.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 3963⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 532 -ip 5321⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4116-131-0x00000000012FD000-0x0000000001300000-memory.dmpFilesize
12KB