5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
18/09/2023, 17:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe
Size

1.2MB
MD5

4b6ec23a4f0b592c27531bdd2a204865
SHA1

0ff7a0f37a8ce8e4d19edfb7d303f4c6d44b070c
SHA256

5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac
SHA512

6cd41905122e6d41edd8b2ca515c29bc231c115f318c5c791396fb4eff4cf38a0d634b9481ff10090047f10d65d21c7e16b03fe2788ce4c2d4140788102a7e9e
SSDEEP

24576:d3VF5goc2ZQNEOuy580gJMOiaSrR3WvJ0NzVorTLCE8Dt+s:R5gcIdWrilrRsmV6nCYs

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2976 set thread context of 1972	2976	JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2196	1972	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 1972	2976	JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe	29
PID 2976 wrote to memory of 1972	2976	JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe	29
PID 2976 wrote to memory of 1972	2976	JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe	29
PID 2976 wrote to memory of 1972	2976	JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe	29
PID 2976 wrote to memory of 1972	2976	JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe	29
PID 2976 wrote to memory of 1972	2976	JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe	29
PID 2976 wrote to memory of 1972	2976	JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe	29
PID 2976 wrote to memory of 1972	2976	JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe	29
PID 2976 wrote to memory of 1972	2976	JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe	29
PID 2976 wrote to memory of 1972	2976	JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe	29
PID 2976 wrote to memory of 1972	2976	JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe	29
PID 2976 wrote to memory of 1972	2976	JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe	29
PID 2976 wrote to memory of 1972	2976	JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe	29
PID 2976 wrote to memory of 1972	2976	JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe	29
PID 1972 wrote to memory of 2196	1972	AppLaunch.exe	30
PID 1972 wrote to memory of 2196	1972	AppLaunch.exe	30
PID 1972 wrote to memory of 2196	1972	AppLaunch.exe	30
PID 1972 wrote to memory of 2196	1972	AppLaunch.exe	30
PID 1972 wrote to memory of 2196	1972	AppLaunch.exe	30
PID 1972 wrote to memory of 2196	1972	AppLaunch.exe	30
PID 1972 wrote to memory of 2196	1972	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe
"C:\Users\Admin\AppData\Local\Temp\JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1972
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 200
    3⤵
    - Program crash
    PID:2196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1972-0-0x0000000000400000-0x0000000000509000-memory.dmp

Filesize
1.0MB

Download
memory/1972-2-0x0000000000400000-0x0000000000509000-memory.dmp

Filesize
1.0MB

Download
memory/1972-1-0x0000000000400000-0x0000000000509000-memory.dmp

Filesize
1.0MB

Download
memory/1972-3-0x0000000000400000-0x0000000000509000-memory.dmp

Filesize
1.0MB

Download
memory/1972-4-0x0000000000400000-0x0000000000509000-memory.dmp

Filesize
1.0MB

Download
memory/1972-5-0x0000000000400000-0x0000000000509000-memory.dmp

Filesize
1.0MB

Download
memory/1972-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1972-7-0x0000000000400000-0x0000000000509000-memory.dmp

Filesize
1.0MB

Download
memory/1972-9-0x0000000000400000-0x0000000000509000-memory.dmp

Filesize
1.0MB

Download
memory/1972-11-0x0000000000400000-0x0000000000509000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads