Analysis
-
max time kernel
155s -
max time network
194s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
04/12/2022, 02:26
General
-
Target
c49ba8f860323c36220e8e346afd3ed11f4d966f623f53f39e56abda36c6b6e4.exe
-
Size
426KB
-
MD5
9acf278b16dccc73e7368ddeab435199
-
SHA1
1b7a86a8c5daaee8d5a8250baeee2d1afd898a87
-
SHA256
c49ba8f860323c36220e8e346afd3ed11f4d966f623f53f39e56abda36c6b6e4
-
SHA512
c60888888697f13c57de21e7c512eb5839d8fe6a09e9bfb85f490a42bfb8b6bb5914f1b6bd81544a1362d622903cfcd99a305fb24d4602138808a8aa9d7a8113
-
SSDEEP
12288:FQYRfujIw6U0KUFJycitoInNg4T8aN8CRb4:F1R2jI73+ztoInzN4
Score
5/10
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
-
Program crash 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c49ba8f860323c36220e8e346afd3ed11f4d966f623f53f39e56abda36c6b6e4.exe"C:\Users\Admin\AppData\Local\Temp\c49ba8f860323c36220e8e346afd3ed11f4d966f623f53f39e56abda36c6b6e4.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\c49ba8f860323c36220e8e346afd3ed11f4d966f623f53f39e56abda36c6b6e4.exeC:\Users\Admin\AppData\Local\Temp\c49ba8f860323c36220e8e346afd3ed11f4d966f623f53f39e56abda36c6b6e4.exe2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 123⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3228 -ip 32281⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
160KB