780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e

General

Target

780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe
Size

172KB
MD5

ccdd18076c1acd3c196414808388f452
SHA1

94ca7f06d0b554eefd02c79c76fd52ed46163a17
SHA256

780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e
SHA512

f0eea043f7b7bdce0a6375249ba1b40b9362b33abf8eba323c65525786acd5ce59316f28ef98da7e65f26f37916d657d342788e978ce8d1f5b392479f0ad4f77
SSDEEP

1536:Y+MwtP+jOPdIkppDPAyp6EnxWqZ7+c0DwMAXHRZP:0wtEkrDPAyp9W+7+ckGHL

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe

description	pid	process	target process
PID 1536 set thread context of 1896	1536	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1716 2008 WerFault.exe explorer.exe

pid	pid_target	process	target process
1716	2008	WerFault.exe	explorer.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe

pid	process
1536	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe
1536	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe

Suspicious use of WriteProcessMemory 23 IoCs

Processes:

780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exeexplorer.exe

description	pid	process	target process
PID 1536 wrote to memory of 1896	1536	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe
PID 1536 wrote to memory of 1896	1536	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe
PID 1536 wrote to memory of 1896	1536	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe
PID 1536 wrote to memory of 1896	1536	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe
PID 1536 wrote to memory of 1896	1536	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe
PID 1536 wrote to memory of 1896	1536	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe
PID 1536 wrote to memory of 1896	1536	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe
PID 1536 wrote to memory of 1896	1536	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe
PID 1536 wrote to memory of 1896	1536	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe
PID 1536 wrote to memory of 1896	1536	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe
PID 1896 wrote to memory of 2008	1896	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	explorer.exe
PID 1896 wrote to memory of 2008	1896	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	explorer.exe
PID 1896 wrote to memory of 2008	1896	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	explorer.exe
PID 1896 wrote to memory of 2008	1896	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	explorer.exe
PID 1896 wrote to memory of 2008	1896	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	explorer.exe
PID 1896 wrote to memory of 2008	1896	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	explorer.exe
PID 1896 wrote to memory of 2008	1896	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	explorer.exe
PID 1896 wrote to memory of 2008	1896	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	explorer.exe
PID 1896 wrote to memory of 2008	1896	780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe	explorer.exe
PID 2008 wrote to memory of 1716	2008	explorer.exe	WerFault.exe
PID 2008 wrote to memory of 1716	2008	explorer.exe	WerFault.exe
PID 2008 wrote to memory of 1716	2008	explorer.exe	WerFault.exe
PID 2008 wrote to memory of 1716	2008	explorer.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe
"C:\Users\Admin\AppData\Local\Temp\780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1536

C:\Users\Admin\AppData\Local\Temp\780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe
"C:\Users\Admin\AppData\Local\Temp\780ae7655494133bf4cdf70324e7f2b5ec9626783fd671f79e77833b779cf74e.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:1896

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\SysWOW64\explorer.exe"
3⤵
- Suspicious use of WriteProcessMemory
PID:2008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 232
4⤵
- Program crash
PID:1716

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1536-54-0x0000000076871000-0x0000000076873000-memory.dmp

Filesize
8KB

Download
memory/1536-63-0x0000000000330000-0x0000000000335000-memory.dmp

Filesize
20KB

Download
memory/1716-73-0x0000000000000000-mapping.dmp

Download
memory/1896-61-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1896-59-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1896-60-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1896-58-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1896-56-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1896-62-0x0000000000402750-mapping.dmp

Download
memory/1896-65-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1896-55-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2008-68-0x00000000000A0000-0x00000000000A3000-memory.dmp

Filesize
12KB

Download
memory/2008-66-0x0000000000090000-0x0000000000094000-memory.dmp

Filesize
16KB

Download
memory/2008-70-0x0000000000000000-mapping.dmp

Download
memory/2008-72-0x0000000075631000-0x0000000075633000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads