5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
22/09/2023, 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe
Size

700KB
MD5

851b7e218049d28c98a283f01941d211
SHA1

c5badef55908c54ad31d4b775e278ac60cbcaa1f
SHA256

5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c
SHA512

7875c243065360cd56a2675e8813fca19caa9f312c6d5a051635e2a49666df05959b0408698a5576083472fb87180150c16ed270ffa16a7096cbdd788d611520
SSDEEP

6144:y6vPALOgBE8y8wl5zNci/6VucQZAu7oWGhYCm9WgPEp+vfsr:LgOgxyKVucQZAucWa1uEtr

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2196 set thread context of 2756	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	29

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2612	2196	WerFault.exe	27
2692	2756	WerFault.exe	29

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2756	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	29
PID 2196 wrote to memory of 2756	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	29
PID 2196 wrote to memory of 2756	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	29
PID 2196 wrote to memory of 2756	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	29
PID 2196 wrote to memory of 2756	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	29
PID 2196 wrote to memory of 2756	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	29
PID 2196 wrote to memory of 2756	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	29
PID 2196 wrote to memory of 2756	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	29
PID 2196 wrote to memory of 2756	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	29
PID 2196 wrote to memory of 2756	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	29
PID 2196 wrote to memory of 2756	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	29
PID 2196 wrote to memory of 2756	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	29
PID 2196 wrote to memory of 2756	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	29
PID 2196 wrote to memory of 2756	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	29
PID 2196 wrote to memory of 2612	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	30
PID 2196 wrote to memory of 2612	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	30
PID 2196 wrote to memory of 2612	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	30
PID 2196 wrote to memory of 2612	2196	5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe	30
PID 2756 wrote to memory of 2692	2756	AppLaunch.exe	31
PID 2756 wrote to memory of 2692	2756	AppLaunch.exe	31
PID 2756 wrote to memory of 2692	2756	AppLaunch.exe	31
PID 2756 wrote to memory of 2692	2756	AppLaunch.exe	31
PID 2756 wrote to memory of 2692	2756	AppLaunch.exe	31
PID 2756 wrote to memory of 2692	2756	AppLaunch.exe	31
PID 2756 wrote to memory of 2692	2756	AppLaunch.exe	31

C:\Users\Admin\AppData\Local\Temp\5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe
"C:\Users\Admin\AppData\Local\Temp\5fce446362c69d72f8463d768a560d6dd2f1af6ee93dd411fdb2dd43f494e75c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 196
    3⤵
    - Program crash
    PID:2692
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 92
  2⤵
  - Program crash
  PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2756-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2756-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2756-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2756-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2756-6-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2756-8-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2756-10-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2756-11-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2756-13-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2756-15-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads