Analysis
max time kernel: 118s
max time network: 121s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 19-09-2023 07:04
Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20230831-en (windows7-x64)
  3 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: file.exe
  Resource: win10v2004-20230915-en (windows10-2004-x64)
  2 signatures, 150 seconds
General
Target: file.exe
Size: 393KB
MD5: 5c1b0c2b1a58b5d7377430607c45b7bf
SHA1: 356dceb14e57bfcee1c60a7f573571486eedca14
SHA256: 97c14faea4fe308a99475f89b8b60b51a8e01e5f2a007d24ae0af317c9c9e648
SHA512: 6d35a1bd8413b9311ed4ccd93343674a549fb0e21a7f7e77a2d20629f100869a82521dd2eee6bf348fb7b08b57bbafa56f23023ef361ca8d83478d2c0d3fabfd
SSDEEP: 12288:DdmPqiG59ourk1T2OZv/NeH64LtkCrw2a9T1Sa:Ddm05KsH62is
Score: 5/10
Malware Config
Signatures
Suspicious use of SetThreadContext 1 IoC
Processes:
description         pid   process   target pid  target process
set thread context  1408  file.exe  2024        AppLaunch.exe

Program crash 1 IoC
Processes:
pid   process       pid_target  target process
2780  WerFault.exe  2024        AppLaunch.exe
Suspicious use of WriteProcessMemory 28 IoCs
Processes:
source pid  source process  target pid  target process  count
1408        file.exe        1640        AppLaunch.exe   7
1408        file.exe        2024        AppLaunch.exe   14
2024        AppLaunch.exe   2780        WerFault.exe    7
Processes
C:\Users\Admin\AppData\Local\Temp\file.exe (depth 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\file.exe"
  PID: 1408
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe (depth 2)
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    PID: 1640
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe (depth 2)
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    PID: 2024
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\WerFault.exe (depth 3)
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 196
      PID: 2780
      - Program crash
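The SetThreadContext and WriteProcessMemory signatures above, taken together with the process tree, are the process-hollowing pattern: file.exe (1408) spawns the .NET host AppLaunch.exe twice, writes into the first instance (1640) seven times and abandons it, writes into the second instance (2024) fourteen times, then resets its thread context so it runs the injected image; that instance crashes and WerFault.exe is launched against PID 2024. The Python below is an added example, not code from the sandbox or from the sample: it parses event lines in the report's own "PID <src> wrote to memory of <dst> ..." form and pairs writes with SetThreadContext per (source, target) so the hollowed instance and the abandoned one are told apart. The host image list and the verdict labels are assumptions for illustration; the report only names AppLaunch.exe.

```python
"""Flag process-hollowing candidates in sandbox 'wrote to memory' and
'set thread context' events.

Added example for this report; not part of the sandbox or of the sample.
"""
import re
from collections import defaultdict

# Constructed input: the events listed under Signatures above, one per line,
# in the sandbox's own "PID <src> <verb> <dst> <src> <src image> <target image>" form.
REPORT_EVENTS = (
    ["PID 1408 wrote to memory of 1640 1408 file.exe AppLaunch.exe"] * 7
    + ["PID 1408 wrote to memory of 2024 1408 file.exe AppLaunch.exe"] * 14
    + ["PID 2024 wrote to memory of 2780 2024 AppLaunch.exe WerFault.exe"] * 7
    + ["PID 1408 set thread context of 2024 1408 file.exe AppLaunch.exe"]
)

# .NET framework utilities often used as hollowing hosts. Assumption: the
# list is illustrative; the report itself only names AppLaunch.exe.
HOLLOW_HOSTS = frozenset(
    {"AppLaunch.exe", "RegAsm.exe", "RegSvcs.exe", "MSBuild.exe", "InstallUtil.exe"}
)

EVENT_RE = re.compile(
    r"PID (?P<src>\d+) (?P<verb>wrote to memory of|set thread context of) "
    r"(?P<dst>\d+) \d+ (?P<src_img>\S+) (?P<dst_img>\S+)"
)


def parse_events(lines):
    """Return (verb, src_pid, dst_pid, src_img, dst_img) tuples; lines that do
    not match either event shape are ignored."""
    events = []
    for line in lines:
        m = EVENT_RE.search(line)
        if m:
            events.append(
                (m["verb"], int(m["src"]), int(m["dst"]), m["src_img"], m["dst_img"])
            )
    return events


def find_hollowing(events, hosts=HOLLOW_HOSTS):
    """Group events by (source PID, target PID) where the target image is a
    known host.  A pair that received both memory writes and a thread-context
    change from the same source is reported as 'hollowing'; writes alone (an
    abandoned or failed attempt) as 'writes_only'; a context change alone as
    'context_only'.  Writes into WerFault.exe and other non-host images are
    the normal crash-reporting path and are skipped."""
    writes = defaultdict(int)
    context = set()
    images = {}
    for verb, src, dst, src_img, dst_img in events:
        if dst_img not in hosts:
            continue
        images[(src, dst)] = (src_img, dst_img)
        if verb.startswith("wrote"):
            writes[(src, dst)] += 1
        else:
            context.add((src, dst))

    findings = []
    for src, dst in sorted(set(writes) | context):
        has_ctx = (src, dst) in context
        n_writes = writes[(src, dst)]
        if has_ctx and n_writes:
            verdict = "hollowing"
        elif n_writes:
            verdict = "writes_only"
        else:
            verdict = "context_only"
        src_img, dst_img = images[(src, dst)]
        findings.append(
            {
                "src_pid": src,
                "src_img": src_img,
                "dst_pid": dst,
                "dst_img": dst_img,
                "writes": n_writes,
                "thread_context": has_ctx,
                "verdict": verdict,
            }
        )
    return findings


if __name__ == "__main__":
    for f in find_hollowing(parse_events(REPORT_EVENTS)):
        print(
            f"{f['src_img']}({f['src_pid']}) -> {f['dst_img']}({f['dst_pid']}): "
            f"{f['writes']} writes, SetThreadContext={f['thread_context']} "
            f"=> {f['verdict']}"
        )
```

Run against the report's events this yields two findings: 1408 -> 1640 with 7 writes and no thread-context change (writes_only), and 1408 -> 2024 with 14 writes plus SetThreadContext (hollowing). The WerFault.exe writes are dropped because WerFault.exe is not a host image; a real detection would additionally check that the source is the target's parent and that the target was created suspended, neither of which this report exposes.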