c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781

Analysis

max time kernel
143s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 07:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe
Size

439KB
MD5

2f48c3c6f9807647937d5fe64a57d702
SHA1

72d3d007a7d4d7fa60fa2c45347ed78528419df1
SHA256

c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781
SHA512

07f859f84f23fe28549071d4e5a775b8f813c94f486823d8fb22f0a7696e9a38572e8fc643412c10157893565b544747ce2159dfdd68543b8eca52ddcfb3ab30
SSDEEP

12288:4GLOt1zmv5EEBmC6NtRZW+Yiv8nAJUAqb:4zt1dtjWadJI

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1744 set thread context of 4968	1744	c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe	81

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2232	4968	WerFault.exe	81

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 4968	1744	c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe	81
PID 1744 wrote to memory of 4968	1744	c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe	81
PID 1744 wrote to memory of 4968	1744	c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe	81
PID 1744 wrote to memory of 4968	1744	c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe	81
PID 1744 wrote to memory of 4968	1744	c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe	81
PID 1744 wrote to memory of 4968	1744	c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe	81
PID 1744 wrote to memory of 4968	1744	c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe	81
PID 1744 wrote to memory of 4968	1744	c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe	81
PID 1744 wrote to memory of 4968	1744	c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe	81
PID 1744 wrote to memory of 4968	1744	c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe	81
PID 1744 wrote to memory of 4968	1744	c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe	81
PID 1744 wrote to memory of 4968	1744	c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe	81
PID 1744 wrote to memory of 4968	1744	c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe	81
PID 1744 wrote to memory of 4968	1744	c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe	81
PID 1744 wrote to memory of 4968	1744	c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe	81

C:\Users\Admin\AppData\Local\Temp\c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe
"C:\Users\Admin\AppData\Local\Temp\c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Users\Admin\AppData\Local\Temp\c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe
  C:\Users\Admin\AppData\Local\Temp\c560fa7e684b1c445547f0e93ea0a9170a7ca4b1e7f841877575ec5ceb920781.exe
  2⤵
  PID:4968
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 544
    3⤵
    - Program crash
    PID:2232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4968 -ip 4968
1⤵
PID:4708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4968-133-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4968-134-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4968-135-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4968-136-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4968-137-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4968-138-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4968-139-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4968-140-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4968-141-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4968-142-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4968-144-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads