1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e | Triage

Analysis

max time kernel
96s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
12-06-2022 22:52

Sharing

Report Analysis Logs

General

Target

1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e.exe
Size

270KB
MD5

a937b808651c5278b0d41a24db7db03c
SHA1

6101369439607b2b301d14321ae61b8590ac6070
SHA256

1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e
SHA512

64c0469533dd31e9a829d5208ea532ab3858ad8321f9626ba678fcad49d9857fc944f7a5cf2f90d33f1a002456dd42ba32775c73dd38726a8d1ed578e6005c26

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4408 set thread context of 4080	4408	1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e.exe	80

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4148	4080	WerFault.exe	80

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 4080	4408	1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e.exe	80
PID 4408 wrote to memory of 4080	4408	1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e.exe	80
PID 4408 wrote to memory of 4080	4408	1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e.exe	80
PID 4408 wrote to memory of 4080	4408	1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e.exe	80

C:\Users\Admin\AppData\Local\Temp\1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e.exe
"C:\Users\Admin\AppData\Local\Temp\1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Users\Admin\AppData\Local\Temp\1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e.exe
  "C:\Users\Admin\AppData\Local\Temp\1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e.exe"
  2⤵
  PID:4080
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 80
    3⤵
    - Program crash
    PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4080 -ip 4080
1⤵
PID:988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4408-130-0x0000000000860000-0x00000000008AA000-memory.dmp

Filesize
296KB

Download
memory/4408-131-0x0000000005260000-0x00000000052FC000-memory.dmp

Filesize
624KB

Download