2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011

General

Target

2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe
Size

95KB
MD5

20ef036e3c0facaa197cd1629b385e08
SHA1

51b3cdf8346b91118e2202c3376c9c8f3b8c9195
SHA256

2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011
SHA512

bb94a140a0abcaad72c23d3a260cf67ed026c9d0404665a91e34d067d05902b23acd6e8ca5c682833245a3df674dd9bd6d852d2930ccb029184a43564ce507f2
SSDEEP

1536:VADWm7KxPVuw7JU2epOu0KxAPDcOzu4ZXVwCyRUk8irSnLKBx:V+OHK4cOzu4ZXuL+k8ieM

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe

description	pid	process	target process
PID 1892 set thread context of 1016	1892	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

580 524 WerFault.exe explorer.exe

pid	pid_target	process	target process
580	524	WerFault.exe	explorer.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe

pid	process
1892	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe
1892	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe

Suspicious use of WriteProcessMemory 23 IoCs

Processes:

2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exeexplorer.exe

description	pid	process	target process
PID 1892 wrote to memory of 1016	1892	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe
PID 1892 wrote to memory of 1016	1892	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe
PID 1892 wrote to memory of 1016	1892	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe
PID 1892 wrote to memory of 1016	1892	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe
PID 1892 wrote to memory of 1016	1892	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe
PID 1892 wrote to memory of 1016	1892	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe
PID 1892 wrote to memory of 1016	1892	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe
PID 1892 wrote to memory of 1016	1892	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe
PID 1892 wrote to memory of 1016	1892	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe
PID 1892 wrote to memory of 1016	1892	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe
PID 1016 wrote to memory of 524	1016	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	explorer.exe
PID 1016 wrote to memory of 524	1016	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	explorer.exe
PID 1016 wrote to memory of 524	1016	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	explorer.exe
PID 1016 wrote to memory of 524	1016	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	explorer.exe
PID 1016 wrote to memory of 524	1016	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	explorer.exe
PID 1016 wrote to memory of 524	1016	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	explorer.exe
PID 1016 wrote to memory of 524	1016	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	explorer.exe
PID 1016 wrote to memory of 524	1016	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	explorer.exe
PID 1016 wrote to memory of 524	1016	2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe	explorer.exe
PID 524 wrote to memory of 580	524	explorer.exe	WerFault.exe
PID 524 wrote to memory of 580	524	explorer.exe	WerFault.exe
PID 524 wrote to memory of 580	524	explorer.exe	WerFault.exe
PID 524 wrote to memory of 580	524	explorer.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe
"C:\Users\Admin\AppData\Local\Temp\2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1892

C:\Users\Admin\AppData\Local\Temp\2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe
"C:\Users\Admin\AppData\Local\Temp\2265c2ab03774107487cf2e45ac88ff3a7602db53d5bdf9c3387db14c605a011.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:1016

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\SysWOW64\explorer.exe"
3⤵
- Suspicious use of WriteProcessMemory
PID:524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 524 -s 232
4⤵
- Program crash
PID:580

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/524-66-0x0000000000090000-0x0000000000094000-memory.dmp

Filesize
16KB

Download
memory/524-72-0x00000000752D1000-0x00000000752D3000-memory.dmp

Filesize
8KB

Download
memory/524-70-0x0000000000000000-mapping.dmp

Download
memory/524-68-0x00000000000A0000-0x00000000000A3000-memory.dmp

Filesize
12KB

Download
memory/580-73-0x0000000000000000-mapping.dmp

Download
memory/1016-61-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1016-56-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1016-55-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1016-65-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1016-62-0x0000000000402750-mapping.dmp

Download
memory/1016-58-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1016-59-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1016-60-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1892-54-0x00000000760B1000-0x00000000760B3000-memory.dmp

Filesize
8KB

Download
memory/1892-63-0x0000000000230000-0x0000000000235000-memory.dmp

Filesize
20KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads