a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f

General

Target

a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe
Size

93KB
MD5

0eef91ce5ad9e7f6e1c25c681fb34586
SHA1

0b96596cee958d52c928a8e82e69ad15eaf8fc92
SHA256

a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f
SHA512

e08606e769c6c14177421fbe3e43ba479162ad8c5cf3a6248afc1da67f082d996314ed48ba8611e23494ba0a0994b9b807905fe5a5bb2332a426d80d9fb3c2b4
SSDEEP

1536:sADWm7KxPVuw7JU2epOu0KxAPDcOz1sBvHeUT1ANKLDBx:s+OHK4cOza5+UT2w

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 944 set thread context of 940	944	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
652	1608	WerFault.exe	29

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
944	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe
944	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe

Suspicious use of WriteProcessMemory 23 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 940	944	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	28
PID 944 wrote to memory of 940	944	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	28
PID 944 wrote to memory of 940	944	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	28
PID 944 wrote to memory of 940	944	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	28
PID 944 wrote to memory of 940	944	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	28
PID 944 wrote to memory of 940	944	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	28
PID 944 wrote to memory of 940	944	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	28
PID 944 wrote to memory of 940	944	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	28
PID 944 wrote to memory of 940	944	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	28
PID 944 wrote to memory of 940	944	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	28
PID 940 wrote to memory of 1608	940	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	29
PID 940 wrote to memory of 1608	940	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	29
PID 940 wrote to memory of 1608	940	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	29
PID 940 wrote to memory of 1608	940	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	29
PID 940 wrote to memory of 1608	940	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	29
PID 940 wrote to memory of 1608	940	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	29
PID 940 wrote to memory of 1608	940	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	29
PID 940 wrote to memory of 1608	940	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	29
PID 940 wrote to memory of 1608	940	a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe	29
PID 1608 wrote to memory of 652	1608	explorer.exe	30
PID 1608 wrote to memory of 652	1608	explorer.exe	30
PID 1608 wrote to memory of 652	1608	explorer.exe	30
PID 1608 wrote to memory of 652	1608	explorer.exe	30

C:\Users\Admin\AppData\Local\Temp\a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe
"C:\Users\Admin\AppData\Local\Temp\a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:944
- C:\Users\Admin\AppData\Local\Temp\a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe
  "C:\Users\Admin\AppData\Local\Temp\a47b360ae5c16ae70ba292f82897d9077618440ef68d30d2f63446da4d2e5b1f.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:940
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\SysWOW64\explorer.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1608
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 232
      4⤵
      Program crash
      PID:652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/940-61-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/940-65-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/940-58-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/940-59-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/940-60-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/940-55-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/940-56-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/944-63-0x0000000000230000-0x0000000000235000-memory.dmp

Filesize
20KB

Download
memory/944-54-0x0000000075B61000-0x0000000075B63000-memory.dmp

Filesize
8KB

Download
memory/1608-66-0x00000000000D0000-0x00000000000D4000-memory.dmp

Filesize
16KB

Download
memory/1608-68-0x00000000000E0000-0x00000000000E3000-memory.dmp

Filesize
12KB

Download
memory/1608-72-0x0000000074A01000-0x0000000074A03000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads