Analysis
-
max time kernel
96s -
max time network
111s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
12-06-2022 22:52
General
-
Target
1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e.exe
-
Size
270KB
-
MD5
a937b808651c5278b0d41a24db7db03c
-
SHA1
6101369439607b2b301d14321ae61b8590ac6070
-
SHA256
1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e
-
SHA512
64c0469533dd31e9a829d5208ea532ab3858ad8321f9626ba678fcad49d9857fc944f7a5cf2f90d33f1a002456dd42ba32775c73dd38726a8d1ed578e6005c26
Score
5/10
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e.exe"C:\Users\Admin\AppData\Local\Temp\1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e.exe"C:\Users\Admin\AppData\Local\Temp\1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 803⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4080 -ip 40801⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4080-132-0x0000000000000000-mapping.dmp
-
memory/4408-130-0x0000000000860000-0x00000000008AA000-memory.dmpFilesize
296KB
-
memory/4408-131-0x0000000005260000-0x00000000052FC000-memory.dmpFilesize
624KB