ccc6631f4d4f2b5b95004983e92713a5b4dd6ec84878ac0877ad4957e28b2239

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
19/09/2023, 07:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c.exe
Size

1.4MB
MD5

69074014da69d3243b5d346495613fdd
SHA1

f9b27372822e6caa3db067ad4653371a6c8bb174
SHA256

2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c
SHA512

e9759186cb7f1592dc6cd98ab4032925f3e810397adeeb410951f64b8452185af3d3efbf241ad59c234650b235d26db9e1988d117473a79546c498dd32e27136
SSDEEP

24576:VJWP5yTLXHLtD/GxCI/ZyDHp4UnIiEodE8nT9lg1iNFtXoYKcYIlksRUjs:85CFjGwICJ4UD4gT9lg1ij6Y5lnUjs

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2208 set thread context of 2052	2208	2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1944	2052	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2052	2208	2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c.exe	29
PID 2208 wrote to memory of 2052	2208	2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c.exe	29
PID 2208 wrote to memory of 2052	2208	2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c.exe	29
PID 2208 wrote to memory of 2052	2208	2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c.exe	29
PID 2208 wrote to memory of 2052	2208	2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c.exe	29
PID 2208 wrote to memory of 2052	2208	2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c.exe	29
PID 2208 wrote to memory of 2052	2208	2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c.exe	29
PID 2208 wrote to memory of 2052	2208	2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c.exe	29
PID 2208 wrote to memory of 2052	2208	2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c.exe	29
PID 2208 wrote to memory of 2052	2208	2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c.exe	29
PID 2208 wrote to memory of 2052	2208	2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c.exe	29
PID 2208 wrote to memory of 2052	2208	2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c.exe	29
PID 2208 wrote to memory of 2052	2208	2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c.exe	29
PID 2208 wrote to memory of 2052	2208	2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c.exe	29
PID 2052 wrote to memory of 1944	2052	AppLaunch.exe	30
PID 2052 wrote to memory of 1944	2052	AppLaunch.exe	30
PID 2052 wrote to memory of 1944	2052	AppLaunch.exe	30
PID 2052 wrote to memory of 1944	2052	AppLaunch.exe	30
PID 2052 wrote to memory of 1944	2052	AppLaunch.exe	30
PID 2052 wrote to memory of 1944	2052	AppLaunch.exe	30
PID 2052 wrote to memory of 1944	2052	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c.exe
"C:\Users\Admin\AppData\Local\Temp\2a5106da344aca587cab9be21ded0759a7bbe65c4256e9ebe29a8a46fed2f21c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2052
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 200
    3⤵
    - Program crash
    PID:1944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2052-0-0x0000000000400000-0x000000000053B000-memory.dmp

Filesize
1.2MB

Download
memory/2052-1-0x0000000000400000-0x000000000053B000-memory.dmp

Filesize
1.2MB

Download
memory/2052-2-0x0000000000400000-0x000000000053B000-memory.dmp

Filesize
1.2MB

Download
memory/2052-3-0x0000000000400000-0x000000000053B000-memory.dmp

Filesize
1.2MB

Download
memory/2052-5-0x0000000000400000-0x000000000053B000-memory.dmp

Filesize
1.2MB

Download
memory/2052-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2052-4-0x0000000000400000-0x000000000053B000-memory.dmp

Filesize
1.2MB

Download
memory/2052-7-0x0000000000400000-0x000000000053B000-memory.dmp

Filesize
1.2MB

Download
memory/2052-9-0x0000000000400000-0x000000000053B000-memory.dmp

Filesize
1.2MB

Download
memory/2052-11-0x0000000000400000-0x000000000053B000-memory.dmp

Filesize
1.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads