c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
30-08-2023 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe
Size

1.3MB
MD5

7b9e51830ca279f231efe1aea149c607
SHA1

8719690061691d5301927df5f9e4450f9872b2f6
SHA256

c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f
SHA512

f1caa659ae970707069f5f82ea45e4f0923f73ab8b111137bc1471fe017bbe0762011653dc4a37ff6d6679a7c5c553a030b5a9f9da5677181912ba38c55e7271
SSDEEP

24576:o80iztSjOYYELrf92tsedlF0dI5C0f7ggiGZduAEWFndCm6+EbE6PzFZ:j0izGOYYELrV2tsedlF0dI5C0f7ggiGI

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2472 set thread context of 2320	2472	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2420	2320	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 2320	2472	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	29
PID 2472 wrote to memory of 2320	2472	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	29
PID 2472 wrote to memory of 2320	2472	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	29
PID 2472 wrote to memory of 2320	2472	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	29
PID 2472 wrote to memory of 2320	2472	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	29
PID 2472 wrote to memory of 2320	2472	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	29
PID 2472 wrote to memory of 2320	2472	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	29
PID 2472 wrote to memory of 2320	2472	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	29
PID 2472 wrote to memory of 2320	2472	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	29
PID 2472 wrote to memory of 2320	2472	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	29
PID 2472 wrote to memory of 2320	2472	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	29
PID 2472 wrote to memory of 2320	2472	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	29
PID 2472 wrote to memory of 2320	2472	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	29
PID 2472 wrote to memory of 2320	2472	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	29
PID 2320 wrote to memory of 2420	2320	AppLaunch.exe	30
PID 2320 wrote to memory of 2420	2320	AppLaunch.exe	30
PID 2320 wrote to memory of 2420	2320	AppLaunch.exe	30
PID 2320 wrote to memory of 2420	2320	AppLaunch.exe	30
PID 2320 wrote to memory of 2420	2320	AppLaunch.exe	30
PID 2320 wrote to memory of 2420	2320	AppLaunch.exe	30
PID 2320 wrote to memory of 2420	2320	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe
"C:\Users\Admin\AppData\Local\Temp\c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2320
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 196
    3⤵
    - Program crash
    PID:2420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2320-1-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/2320-0-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/2320-2-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/2320-3-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/2320-4-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/2320-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2320-5-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/2320-7-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/2320-9-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/2320-11-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads