ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe
Size

1.0MB
MD5

1bd896b52180a31166a09d98251a270e
SHA1

59b39d132358daf6561ed06b18e4320dfb6e5121
SHA256

ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2
SHA512

7fd7ad361a43b0b81a4f70340947fcf5f4248c2d169269d597083769213e16da9844601d9f8b8694b301a01a2364f63ccd36e764904dabee3db78310ea2128fa
SSDEEP

24576:xRml09QdAWplsjrRn9OmQukq5pq65xxF7P9wBuq1VHNuoetw1Ay:xRY0mdXplsP2dPSLLa1VH+cz

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1464 set thread context of 1528	1464	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	26

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1824	1528	WerFault.exe	26

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1464	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1464	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 1528	1464	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	26
PID 1464 wrote to memory of 1528	1464	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	26
PID 1464 wrote to memory of 1528	1464	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	26
PID 1464 wrote to memory of 1528	1464	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	26
PID 1464 wrote to memory of 1528	1464	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	26
PID 1464 wrote to memory of 1528	1464	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	26
PID 1464 wrote to memory of 1528	1464	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	26
PID 1464 wrote to memory of 1528	1464	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	26
PID 1464 wrote to memory of 1528	1464	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	26
PID 1464 wrote to memory of 1528	1464	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	26
PID 1464 wrote to memory of 1528	1464	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	26
PID 1464 wrote to memory of 1528	1464	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	26
PID 1464 wrote to memory of 1528	1464	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	26
PID 1464 wrote to memory of 1528	1464	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	26
PID 1528 wrote to memory of 1824	1528	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	27
PID 1528 wrote to memory of 1824	1528	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	27
PID 1528 wrote to memory of 1824	1528	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	27
PID 1528 wrote to memory of 1824	1528	ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe	27

C:\Users\Admin\AppData\Local\Temp\ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe
"C:\Users\Admin\AppData\Local\Temp\ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Users\Admin\AppData\Local\Temp\ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe
  C:\Users\Admin\AppData\Local\Temp\ab5fc03b5446335f84d64f6da63b55f0c41bb5dc6836270a1fcf6b540ba051d2.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1528
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 36
    3⤵
    - Program crash
    PID:1824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1464-61-0x00000000001E0000-0x00000000001E5000-memory.dmp

Filesize
20KB

Download
memory/1464-54-0x0000000075B51000-0x0000000075B53000-memory.dmp

Filesize
8KB

Download
memory/1528-62-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download
memory/1528-57-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download
memory/1528-59-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download
memory/1528-56-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download
memory/1528-55-0x0000000000300000-0x0000000000400000-memory.dmp

Filesize
1024KB

Download
memory/1528-63-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download
memory/1528-65-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download
memory/1528-67-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download
memory/1528-69-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download
memory/1528-73-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download