812d14e20d4eb04d611838dde59de0098a4f52677bc83380a56a35308a52285b

Analysis

max time kernel
141s
max time network
143s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
02/11/2022, 21:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

812d14e20d4eb04d611838dde59de0098a4f52677bc83380a56a35308a52285b.exe
Size

327KB
MD5

f013ef69fbbf32c963916c3d0e4679ba
SHA1

e0098b2ae6c1802d1c593e607491ce2faaa942e6
SHA256

812d14e20d4eb04d611838dde59de0098a4f52677bc83380a56a35308a52285b
SHA512

48bf35a888e0224d462905e16f8872d937c96e9d75f7e91d2716a4ed56eea50c1e6d707d248ea70e8456da974b7c19a2d7b89d9085b8d3c37ef6c6e960eb5222
SSDEEP

6144:eKlzr1sYCzek2ciDaP9Xk6Ln1W8W/9InBSkZZmLdGcAdgdY6RKpjS:eGhQ2ciDq9ZL1W8q9InBRqELdolRKpj

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2620 set thread context of 2148	2620	812d14e20d4eb04d611838dde59de0098a4f52677bc83380a56a35308a52285b.exe	66

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5024	2148	WerFault.exe	66

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 2148	2620	812d14e20d4eb04d611838dde59de0098a4f52677bc83380a56a35308a52285b.exe	66
PID 2620 wrote to memory of 2148	2620	812d14e20d4eb04d611838dde59de0098a4f52677bc83380a56a35308a52285b.exe	66
PID 2620 wrote to memory of 2148	2620	812d14e20d4eb04d611838dde59de0098a4f52677bc83380a56a35308a52285b.exe	66
PID 2620 wrote to memory of 2148	2620	812d14e20d4eb04d611838dde59de0098a4f52677bc83380a56a35308a52285b.exe	66
PID 2620 wrote to memory of 2148	2620	812d14e20d4eb04d611838dde59de0098a4f52677bc83380a56a35308a52285b.exe	66
PID 2620 wrote to memory of 2148	2620	812d14e20d4eb04d611838dde59de0098a4f52677bc83380a56a35308a52285b.exe	66
PID 2620 wrote to memory of 2148	2620	812d14e20d4eb04d611838dde59de0098a4f52677bc83380a56a35308a52285b.exe	66
PID 2620 wrote to memory of 2148	2620	812d14e20d4eb04d611838dde59de0098a4f52677bc83380a56a35308a52285b.exe	66
PID 2620 wrote to memory of 2148	2620	812d14e20d4eb04d611838dde59de0098a4f52677bc83380a56a35308a52285b.exe	66

C:\Users\Admin\AppData\Local\Temp\812d14e20d4eb04d611838dde59de0098a4f52677bc83380a56a35308a52285b.exe
"C:\Users\Admin\AppData\Local\Temp\812d14e20d4eb04d611838dde59de0098a4f52677bc83380a56a35308a52285b.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Users\Admin\AppData\Local\Temp\812d14e20d4eb04d611838dde59de0098a4f52677bc83380a56a35308a52285b.exe
  C:\Users\Admin\AppData\Local\Temp\812d14e20d4eb04d611838dde59de0098a4f52677bc83380a56a35308a52285b.exe
  2⤵
  PID:2148
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 24
    3⤵
    - Program crash
    PID:5024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2148-177-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2620-119-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-120-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-121-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-122-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-123-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-124-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-125-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-126-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-127-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-128-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-129-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-130-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-131-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-132-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-133-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-134-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-137-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-136-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-138-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-135-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-140-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-142-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-141-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-144-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-143-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-139-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-145-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-146-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-147-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-148-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-149-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-150-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-151-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-152-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-153-0x0000000000830000-0x0000000000886000-memory.dmp

Filesize
344KB

Download
memory/2620-155-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-154-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-157-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-158-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-156-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-159-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-160-0x0000000007580000-0x000000000764C000-memory.dmp

Filesize
816KB

Download
memory/2620-161-0x0000000007B50000-0x000000000804E000-memory.dmp

Filesize
5.0MB

Download
memory/2620-162-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-163-0x00000000076F0000-0x0000000007782000-memory.dmp

Filesize
584KB

Download
memory/2620-164-0x0000000005180000-0x0000000005186000-memory.dmp

Filesize
24KB

Download
memory/2620-166-0x0000000007990000-0x0000000007A06000-memory.dmp

Filesize
472KB

Download
memory/2620-165-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-167-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-168-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-169-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-170-0x0000000007650000-0x000000000766E000-memory.dmp

Filesize
120KB

Download
memory/2620-175-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-174-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-173-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-172-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-171-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-176-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2620-179-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads