d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844

Analysis

max time kernel
52s
max time network
80s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
02-11-2022 00:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe
Size

325KB
MD5

992322cfd3f428dc5093a493ef0d4f81
SHA1

bff461bdb625fc3c981dc86d36f487c6501a440f
SHA256

d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844
SHA512

3bd22b1a503f0fd8a52adf217caee8bfc303d6bf18424a19df696bbe21adaa21bfc681b9027acbd493ac7b008aaed56eac0fdea5b1aed327d0aa30952a542fce
SSDEEP

6144:eKlzr1sYCzek2ciDaP9Xk6Ln1W8W/9InBSkZZmLdGcAdgdY6RKpjS:eGhQ2ciDq9ZL1W8q9InBRqELdolRKpj

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3004 set thread context of 4760	3004	d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe	68

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1460	4760	WerFault.exe	68

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 4884	3004	d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe	66
PID 3004 wrote to memory of 4884	3004	d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe	66
PID 3004 wrote to memory of 4884	3004	d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe	66
PID 3004 wrote to memory of 4892	3004	d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe	67
PID 3004 wrote to memory of 4892	3004	d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe	67
PID 3004 wrote to memory of 4892	3004	d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe	67
PID 3004 wrote to memory of 4760	3004	d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe	68
PID 3004 wrote to memory of 4760	3004	d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe	68
PID 3004 wrote to memory of 4760	3004	d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe	68
PID 3004 wrote to memory of 4760	3004	d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe	68
PID 3004 wrote to memory of 4760	3004	d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe	68
PID 3004 wrote to memory of 4760	3004	d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe	68
PID 3004 wrote to memory of 4760	3004	d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe	68
PID 3004 wrote to memory of 4760	3004	d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe	68
PID 3004 wrote to memory of 4760	3004	d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe	68

C:\Users\Admin\AppData\Local\Temp\d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe
"C:\Users\Admin\AppData\Local\Temp\d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Users\Admin\AppData\Local\Temp\d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe
  C:\Users\Admin\AppData\Local\Temp\d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe
  2⤵
  PID:4884
- C:\Users\Admin\AppData\Local\Temp\d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe
  C:\Users\Admin\AppData\Local\Temp\d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe
  2⤵
  PID:4892
- C:\Users\Admin\AppData\Local\Temp\d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe
  C:\Users\Admin\AppData\Local\Temp\d861c524f88012db48e4a8cb12242ecd66c22508f270991fa1d20f5b29f7a844.exe
  2⤵
  PID:4760
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 152
    3⤵
    - Program crash
    PID:1460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3004-115-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-116-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-117-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-118-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-119-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-120-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-121-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-122-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-123-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-124-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-125-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-126-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-127-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-128-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-129-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-130-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-131-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-132-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-133-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-134-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-135-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-136-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-137-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-138-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-139-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-140-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-141-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-142-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-144-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-143-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-145-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-146-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-147-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-148-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-149-0x0000000000DC0000-0x0000000000E16000-memory.dmp

Filesize
344KB

Download
memory/3004-150-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-151-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-152-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-153-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-154-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-155-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-156-0x00000000055F0000-0x00000000056BC000-memory.dmp

Filesize
816KB

Download
memory/3004-157-0x0000000008070000-0x000000000856E000-memory.dmp

Filesize
5.0MB

Download
memory/3004-158-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-159-0x0000000007C10000-0x0000000007CA2000-memory.dmp

Filesize
584KB

Download
memory/3004-160-0x0000000007B80000-0x0000000007B86000-memory.dmp

Filesize
24KB

Download
memory/3004-161-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-162-0x0000000007F30000-0x0000000007FA6000-memory.dmp

Filesize
472KB

Download
memory/3004-163-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-164-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-165-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-166-0x0000000007BD0000-0x0000000007BEE000-memory.dmp

Filesize
120KB

Download
memory/3004-167-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-168-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-169-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-170-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-171-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-172-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3004-178-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/4760-173-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4760-175-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/4760-177-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/4760-176-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads