5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc

General

Target

5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe
Size

143KB
MD5

42b74b0dde8c7313e2403b7a93dd4941
SHA1

1b8566d4aca70eb7ee00896188c3b5691cfb8204
SHA256

5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc
SHA512

c188ea28e0b64303ddfbdb2f24f2b9997b923989e621289f7a20ea69bf96a5f85290526fdf51d5185e3b4008e399fbcd133c76bc2d0fd0e438be94c96ae10aff
SSDEEP

3072:iO2T8atgFx6Bj0j1IhD07cDxyy1rbFo8eAvkdQM:32T8Vx6BAIBh6TXd3

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe

description	pid	process	target process
PID 1504 set thread context of 688	1504	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1080 1924 WerFault.exe explorer.exe

pid	pid_target	process	target process
1080	1924	WerFault.exe	explorer.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe

pid	process
1504	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe
1504	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe

Suspicious use of WriteProcessMemory 23 IoCs

Processes:

5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exeexplorer.exe

description	pid	process	target process
PID 1504 wrote to memory of 688	1504	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe
PID 1504 wrote to memory of 688	1504	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe
PID 1504 wrote to memory of 688	1504	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe
PID 1504 wrote to memory of 688	1504	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe
PID 1504 wrote to memory of 688	1504	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe
PID 1504 wrote to memory of 688	1504	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe
PID 1504 wrote to memory of 688	1504	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe
PID 1504 wrote to memory of 688	1504	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe
PID 1504 wrote to memory of 688	1504	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe
PID 1504 wrote to memory of 688	1504	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe
PID 688 wrote to memory of 1924	688	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	explorer.exe
PID 688 wrote to memory of 1924	688	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	explorer.exe
PID 688 wrote to memory of 1924	688	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	explorer.exe
PID 688 wrote to memory of 1924	688	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	explorer.exe
PID 688 wrote to memory of 1924	688	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	explorer.exe
PID 688 wrote to memory of 1924	688	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	explorer.exe
PID 688 wrote to memory of 1924	688	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	explorer.exe
PID 688 wrote to memory of 1924	688	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	explorer.exe
PID 688 wrote to memory of 1924	688	5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe	explorer.exe
PID 1924 wrote to memory of 1080	1924	explorer.exe	WerFault.exe
PID 1924 wrote to memory of 1080	1924	explorer.exe	WerFault.exe
PID 1924 wrote to memory of 1080	1924	explorer.exe	WerFault.exe
PID 1924 wrote to memory of 1080	1924	explorer.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe
"C:\Users\Admin\AppData\Local\Temp\5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Users\Admin\AppData\Local\Temp\5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe
  "C:\Users\Admin\AppData\Local\Temp\5ec6b178662b0732ac291297f16eb91cd57ddabac303a425236ace270bb0c0bc.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:688
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\SysWOW64\explorer.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1924
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 232
      4⤵
      Program crash
      PID:1080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/688-61-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/688-65-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/688-56-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/688-58-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/688-59-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/688-60-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/688-55-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/688-62-0x0000000000402350-mapping.dmp

Download
memory/1080-73-0x0000000000000000-mapping.dmp

Download
memory/1504-63-0x0000000000220000-0x0000000000224000-memory.dmp

Filesize
16KB

Download
memory/1504-54-0x00000000761F1000-0x00000000761F3000-memory.dmp

Filesize
8KB

Download
memory/1924-66-0x0000000000090000-0x0000000000094000-memory.dmp

Filesize
16KB

Download
memory/1924-68-0x00000000000A0000-0x00000000000A3000-memory.dmp

Filesize
12KB

Download
memory/1924-70-0x0000000000000000-mapping.dmp

Download
memory/1924-72-0x0000000074CD1000-0x0000000074CD3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads