cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe
Size

287KB
MD5

79fb048e4af9a9a2541cdf26028b3038
SHA1

9d023762a2e85efefa5fee606a2eed4d61599a5e
SHA256

cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933
SHA512

df476e6be7b75dab33888aa712ef77bd34e78670f521c176d61cc317124129350db75c1cc7137db73fb958533f81b03b0654e81eaab3d93062d907eb4b23b430
SSDEEP

6144:/mEczfa4NlHT+g4ycVgnTH51mAA/G8z2Sf7iG92xMv:uEce43T+fBVmd1Aj2+X9Hv

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1760 set thread context of 1200	1760	cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe	27

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1148	1200	WerFault.exe	27

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1760	cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 1200	1760	cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe	27
PID 1760 wrote to memory of 1200	1760	cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe	27
PID 1760 wrote to memory of 1200	1760	cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe	27
PID 1760 wrote to memory of 1200	1760	cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe	27
PID 1760 wrote to memory of 1200	1760	cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe	27
PID 1760 wrote to memory of 1200	1760	cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe	27
PID 1760 wrote to memory of 1200	1760	cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe	27
PID 1760 wrote to memory of 1200	1760	cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe	27
PID 1760 wrote to memory of 1200	1760	cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe	27
PID 1760 wrote to memory of 1200	1760	cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe	27
PID 1200 wrote to memory of 1148	1200	cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe	28
PID 1200 wrote to memory of 1148	1200	cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe	28
PID 1200 wrote to memory of 1148	1200	cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe	28
PID 1200 wrote to memory of 1148	1200	cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe	28

C:\Users\Admin\AppData\Local\Temp\cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe
"C:\Users\Admin\AppData\Local\Temp\cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Users\Admin\AppData\Local\Temp\cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe
  "C:\Users\Admin\AppData\Local\Temp\cabd1b0679596bdecb0c78ca2d0017965dfc57a5939444174ce69028d2abf933.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1200
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 96
    3⤵
    - Program crash
    PID:1148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1200-56-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1200-57-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1200-59-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1200-61-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1200-64-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1200-66-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1200-69-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1200-70-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1200-71-0x0000000000410000-0x0000000000412000-memory.dmp

Filesize
8KB

Download
memory/1200-73-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads