b3ba3bf0be1a8d252f790f8c5f475660fb40298b33f934b073df2776390327a3

Analysis

max time kernel
53s
max time network
72s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
03/11/2022, 12:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b3ba3bf0be1a8d252f790f8c5f475660fb40298b33f934b073df2776390327a3.exe
Size

327KB
MD5

291e45a9ce7a1b02d8b366746fa912e7
SHA1

373505fedf2a2af59788e4f0bf3e8eaa6b23d8ac
SHA256

b3ba3bf0be1a8d252f790f8c5f475660fb40298b33f934b073df2776390327a3
SHA512

95f1ef63470024b23fb792334cf73be2a6aa0f2e943dfb8adb1be269c9c7e56893cda4a2f2e354e3b8f1412f90d29d5ad34bf72c2f3bc352cf07d4bbfb5880c7
SSDEEP

6144:eKlzr1sYCzek2ciDaP9Xk6Ln1W8W/9InBSkZZmLdGcAdgdY6RKpjS:eGhQ2ciDq9ZL1W8q9InBRqELdolRKpj

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2832 set thread context of 4868	2832	b3ba3bf0be1a8d252f790f8c5f475660fb40298b33f934b073df2776390327a3.exe	66

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4152	4868	WerFault.exe	66

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 4868	2832	b3ba3bf0be1a8d252f790f8c5f475660fb40298b33f934b073df2776390327a3.exe	66
PID 2832 wrote to memory of 4868	2832	b3ba3bf0be1a8d252f790f8c5f475660fb40298b33f934b073df2776390327a3.exe	66
PID 2832 wrote to memory of 4868	2832	b3ba3bf0be1a8d252f790f8c5f475660fb40298b33f934b073df2776390327a3.exe	66
PID 2832 wrote to memory of 4868	2832	b3ba3bf0be1a8d252f790f8c5f475660fb40298b33f934b073df2776390327a3.exe	66
PID 2832 wrote to memory of 4868	2832	b3ba3bf0be1a8d252f790f8c5f475660fb40298b33f934b073df2776390327a3.exe	66
PID 2832 wrote to memory of 4868	2832	b3ba3bf0be1a8d252f790f8c5f475660fb40298b33f934b073df2776390327a3.exe	66
PID 2832 wrote to memory of 4868	2832	b3ba3bf0be1a8d252f790f8c5f475660fb40298b33f934b073df2776390327a3.exe	66
PID 2832 wrote to memory of 4868	2832	b3ba3bf0be1a8d252f790f8c5f475660fb40298b33f934b073df2776390327a3.exe	66
PID 2832 wrote to memory of 4868	2832	b3ba3bf0be1a8d252f790f8c5f475660fb40298b33f934b073df2776390327a3.exe	66

C:\Users\Admin\AppData\Local\Temp\b3ba3bf0be1a8d252f790f8c5f475660fb40298b33f934b073df2776390327a3.exe
"C:\Users\Admin\AppData\Local\Temp\b3ba3bf0be1a8d252f790f8c5f475660fb40298b33f934b073df2776390327a3.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Users\Admin\AppData\Local\Temp\b3ba3bf0be1a8d252f790f8c5f475660fb40298b33f934b073df2776390327a3.exe
  C:\Users\Admin\AppData\Local\Temp\b3ba3bf0be1a8d252f790f8c5f475660fb40298b33f934b073df2776390327a3.exe
  2⤵
  PID:4868
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 24
    3⤵
    - Program crash
    PID:4152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2832-115-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-116-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-117-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-118-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-119-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-121-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-120-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-122-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-123-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-124-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-125-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-126-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-127-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-128-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-129-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-130-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-131-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-132-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-133-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-134-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-135-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-136-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-137-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-138-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-139-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-140-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-141-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-142-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-143-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-144-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-145-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-146-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-147-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-148-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-149-0x0000000000C20000-0x0000000000C76000-memory.dmp

Filesize
344KB

Download
memory/2832-150-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-151-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-152-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-153-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-154-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-155-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-156-0x00000000079F0000-0x0000000007ABC000-memory.dmp

Filesize
816KB

Download
memory/2832-157-0x0000000007FC0000-0x00000000084BE000-memory.dmp

Filesize
5.0MB

Download
memory/2832-158-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-159-0x0000000007B60000-0x0000000007BF2000-memory.dmp

Filesize
584KB

Download
memory/2832-160-0x0000000002F20000-0x0000000002F26000-memory.dmp

Filesize
24KB

Download
memory/2832-161-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-162-0x0000000007AC0000-0x0000000007B36000-memory.dmp

Filesize
472KB

Download
memory/2832-163-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-164-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-165-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-166-0x00000000055D0000-0x00000000055EE000-memory.dmp

Filesize
120KB

Download
memory/2832-167-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-168-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-169-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-170-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-171-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-172-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-175-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/4868-173-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads