6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58

Resubmissions

21-09-2023 07:16

230921-h3w9hsgb37 10

20-09-2023 03:34

230920-d45vtsdh6z 5

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
20-09-2023 03:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe
Size

1.1MB
MD5

f12fc309c458758c9d194ed3c8c586d7
SHA1

11ccf902dc324dfda56d958fde787f88057c3195
SHA256

6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58
SHA512

9dcb225fd64b457c75d093f753d015ab0e43a4c1cdda80b3ef55f8927bb95f7d7afb20b339b9fb127e7250a308b006aef73590c7f854d0f6535165e8db3e5dfa
SSDEEP

12288:ENsowN2dA1IY9i4ytPDxZZZVf95Tjz8L2aB4vIubLkk8rkJa2EADdLCAW:6so62dA1h9i4ytXVX3dTaXAW

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2216 set thread context of 2088	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	29

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3048	2216	WerFault.exe	27
2636	2088	WerFault.exe	29

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2088	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	29
PID 2216 wrote to memory of 2088	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	29
PID 2216 wrote to memory of 2088	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	29
PID 2216 wrote to memory of 2088	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	29
PID 2216 wrote to memory of 2088	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	29
PID 2216 wrote to memory of 2088	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	29
PID 2216 wrote to memory of 2088	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	29
PID 2216 wrote to memory of 2088	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	29
PID 2216 wrote to memory of 2088	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	29
PID 2216 wrote to memory of 2088	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	29
PID 2216 wrote to memory of 2088	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	29
PID 2216 wrote to memory of 2088	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	29
PID 2216 wrote to memory of 2088	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	29
PID 2216 wrote to memory of 2088	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	29
PID 2216 wrote to memory of 3048	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	30
PID 2216 wrote to memory of 3048	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	30
PID 2216 wrote to memory of 3048	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	30
PID 2216 wrote to memory of 3048	2216	6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe	30
PID 2088 wrote to memory of 2636	2088	AppLaunch.exe	31
PID 2088 wrote to memory of 2636	2088	AppLaunch.exe	31
PID 2088 wrote to memory of 2636	2088	AppLaunch.exe	31
PID 2088 wrote to memory of 2636	2088	AppLaunch.exe	31
PID 2088 wrote to memory of 2636	2088	AppLaunch.exe	31
PID 2088 wrote to memory of 2636	2088	AppLaunch.exe	31
PID 2088 wrote to memory of 2636	2088	AppLaunch.exe	31

C:\Users\Admin\AppData\Local\Temp\6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe
"C:\Users\Admin\AppData\Local\Temp\6f8e9477d54e48402791f83e2b6db395c3e6566ea83ad6af77f50b62025e1e58.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2088
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 196
    3⤵
    - Program crash
    PID:2636
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 92
  2⤵
  - Program crash
  PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2088-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2088-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2088-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2088-3-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2088-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2088-5-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2088-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2088-7-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2088-9-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2088-11-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads