bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe
Size

724KB
MD5

168c76af44b30535d4e067d34a1f568b
SHA1

5931a2416395205529fdef69a1ed897274bf1efd
SHA256

bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed
SHA512

ec679e9c0991d26674ab7ddc9a0a5817f3eab31b3bb5c24a7fa499cd07bbe0fc2b3608a78c5014e75d2446868e2f7dc879e679f5b69eb9a4168f4a52f549b3b5
SSDEEP

12288:VkIybu8N3UzBStPzm4Al3Y0BDWixnLIIRjxr4XINb1wFwWoq+xZe3r:VkEBSta9vpNb1+wWorZ0r

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe

description	pid	process	target process
PID 1660 set thread context of 1104	1660	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1752 1104 WerFault.exe bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe

pid process

1660 bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe

pid	pid_target	process	target process
1752	1104	WerFault.exe	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe

pid	process
1660	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe

Suspicious use of WriteProcessMemory 13 IoCs

Processes:

bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exebfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe

description	pid	process	target process
PID 1660 wrote to memory of 1104	1660	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe
PID 1660 wrote to memory of 1104	1660	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe
PID 1660 wrote to memory of 1104	1660	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe
PID 1660 wrote to memory of 1104	1660	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe
PID 1660 wrote to memory of 1104	1660	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe
PID 1660 wrote to memory of 1104	1660	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe
PID 1660 wrote to memory of 1104	1660	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe
PID 1660 wrote to memory of 1104	1660	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe
PID 1660 wrote to memory of 1104	1660	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe
PID 1104 wrote to memory of 1752	1104	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe	WerFault.exe
PID 1104 wrote to memory of 1752	1104	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe	WerFault.exe
PID 1104 wrote to memory of 1752	1104	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe	WerFault.exe
PID 1104 wrote to memory of 1752	1104	bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe
"C:\Users\Admin\AppData\Local\Temp\bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1660

C:\Users\Admin\AppData\Local\Temp\bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe
"C:\Users\Admin\AppData\Local\Temp\bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:1104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 96
3⤵
- Program crash
PID:1752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1104-57-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1104-58-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1104-59-0x0000000000408A2E-mapping.dmp

Download
memory/1104-62-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1104-66-0x0000000000220000-0x000000000022F000-memory.dmp

Filesize
60KB

Download
memory/1104-65-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1660-56-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/1660-61-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/1752-64-0x0000000000000000-mapping.dmp

Download