51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56

General

Target

51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe
Size

205KB
MD5

9c11fce9426735b38d65aaab7ac52ac1
SHA1

6681cfcd27aa72f7af69f1800c2d9fd3bb6e0e6e
SHA256

51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56
SHA512

381ca6a177df0222d9f29e8a4078f531c9c249deccba08c8af3d6573507876c086918c59720a4ed287bb864b1bf70ec5b93b1784f81cd66afcc6303454d57f43
SSDEEP

1536:Z2EoFMbYj5ZrIUbJX7+7fHYiJUP0k1A9WPhRkBBABywTmKFwB3r5Icdear:5U9Rb1hsfoTkBBoyUjFwVFI6ea

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe

description	pid	process	target process
PID 1688 set thread context of 692	1688	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1192 1996 WerFault.exe explorer.exe

pid	pid_target	process	target process
1192	1996	WerFault.exe	explorer.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe

pid	process
1688	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe
1688	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe

Suspicious use of WriteProcessMemory 23 IoCs

Processes:

51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exeexplorer.exe

description	pid	process	target process
PID 1688 wrote to memory of 692	1688	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe
PID 1688 wrote to memory of 692	1688	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe
PID 1688 wrote to memory of 692	1688	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe
PID 1688 wrote to memory of 692	1688	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe
PID 1688 wrote to memory of 692	1688	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe
PID 1688 wrote to memory of 692	1688	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe
PID 1688 wrote to memory of 692	1688	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe
PID 1688 wrote to memory of 692	1688	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe
PID 1688 wrote to memory of 692	1688	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe
PID 1688 wrote to memory of 692	1688	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe
PID 692 wrote to memory of 1996	692	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	explorer.exe
PID 692 wrote to memory of 1996	692	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	explorer.exe
PID 692 wrote to memory of 1996	692	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	explorer.exe
PID 692 wrote to memory of 1996	692	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	explorer.exe
PID 692 wrote to memory of 1996	692	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	explorer.exe
PID 692 wrote to memory of 1996	692	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	explorer.exe
PID 692 wrote to memory of 1996	692	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	explorer.exe
PID 692 wrote to memory of 1996	692	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	explorer.exe
PID 692 wrote to memory of 1996	692	51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe	explorer.exe
PID 1996 wrote to memory of 1192	1996	explorer.exe	WerFault.exe
PID 1996 wrote to memory of 1192	1996	explorer.exe	WerFault.exe
PID 1996 wrote to memory of 1192	1996	explorer.exe	WerFault.exe
PID 1996 wrote to memory of 1192	1996	explorer.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe
"C:\Users\Admin\AppData\Local\Temp\51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1688

C:\Users\Admin\AppData\Local\Temp\51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe
"C:\Users\Admin\AppData\Local\Temp\51b4cf58323ad7ab82b0c6e608f5618bf12c15175224a02666f01062e25f7a56.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:692

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\SysWOW64\explorer.exe"
3⤵
- Suspicious use of WriteProcessMemory
PID:1996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 232
4⤵
- Program crash
PID:1192

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/692-60-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/692-65-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/692-56-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/692-58-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/692-59-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/692-61-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/692-55-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/692-62-0x0000000000402750-mapping.dmp

Download
memory/1192-73-0x0000000000000000-mapping.dmp

Download
memory/1688-63-0x00000000001B0000-0x00000000001B5000-memory.dmp

Filesize
20KB

Download
memory/1688-54-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download
memory/1996-66-0x0000000000090000-0x0000000000094000-memory.dmp

Filesize
16KB

Download
memory/1996-68-0x00000000000A0000-0x00000000000A3000-memory.dmp

Filesize
12KB

Download
memory/1996-70-0x0000000000000000-mapping.dmp

Download
memory/1996-72-0x00000000746B1000-0x00000000746B3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads