4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857

Analysis

max time kernel
138s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 07:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe
Size

147KB
MD5

1cd876a6402a849ba874e46768c1e550
SHA1

1e05a5f846a2c538a5c158cad83a58b6cc523c2f
SHA256

4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857
SHA512

d72b40c981abe65230aff070660a0de541ee4feb78c3be4cacc438f0ddcbb0a4739516d7b68c6b5eb0bf95a570ed479d1267cd65403c481221a2877913f89c1d
SSDEEP

3072:usQ2XjoXYVcAc1x+woNXDu0s15G/VEDnaBmZF7/BScODsN/Y:uB2XjoXiciDZuX5GmDsmZF7eDsa

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 3408 set thread context of 4836	3408	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	78
PID 4836 set thread context of 4484	4836	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	79
PID 4484 set thread context of 4848	4484	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	80

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5060	4848	WerFault.exe	80

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 3408 wrote to memory of 4836	3408	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	78
PID 3408 wrote to memory of 4836	3408	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	78
PID 3408 wrote to memory of 4836	3408	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	78
PID 4836 wrote to memory of 4484	4836	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	79
PID 4836 wrote to memory of 4484	4836	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	79
PID 4836 wrote to memory of 4484	4836	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	79
PID 4484 wrote to memory of 4848	4484	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	80
PID 4484 wrote to memory of 4848	4484	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	80
PID 4484 wrote to memory of 4848	4484	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	80
PID 4484 wrote to memory of 4848	4484	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	80
PID 4484 wrote to memory of 4848	4484	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	80
PID 4484 wrote to memory of 4848	4484	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	80
PID 4484 wrote to memory of 4848	4484	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	80
PID 4484 wrote to memory of 4848	4484	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	80
PID 4484 wrote to memory of 4848	4484	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	80
PID 4484 wrote to memory of 4848	4484	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	80
PID 4484 wrote to memory of 4848	4484	4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe	80

C:\Users\Admin\AppData\Local\Temp\4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe
"C:\Users\Admin\AppData\Local\Temp\4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3408
- C:\Users\Admin\AppData\Local\Temp\4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe
  "C:\Users\Admin\AppData\Local\Temp\4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:4836
- - C:\Users\Admin\AppData\Local\Temp\4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe
    "C:\Users\Admin\AppData\Local\Temp\4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe"
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe
      "C:\Users\Admin\AppData\Local\Temp\4bc4633b3c8f5525618a59e734041fbfe75bd82504c6318ce0c7072165a68857.exe"
      4⤵
      PID:4848
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 296
        5⤵
        Program crash
        
        PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4848 -ip 4848
1⤵
PID:4972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4848-135-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4848-137-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4848-138-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads