5df66379868e1cee7f828547c5fb163b5c1379c4f1b58fca7edf365c46d6c317

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
02/10/2023, 07:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe
Size

304KB
MD5

8998e4c7a7f4fb19eeedf300cc1c03c8
SHA1

6f4467bd755635d7de424848dce5f6ac8520ba5c
SHA256

86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99
SHA512

2cdce97a099a98c2705735f35c6aacba71b5242315f0b1018ec81bd788f32fe9f7877020aeea744c8d7f5f29c8583b7c8d82d8a8bb68352936abb8379fca8cc4
SSDEEP

6144:HB8YqnD2xsILYMOG1PiSt8IYZh6QQiHl5RCJN28PTfWTRX8:HwD2xsILYqUSthYZh61+nCJN28PyTRX8

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2244 set thread context of 1956	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	29

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2292	2244	WerFault.exe	27
2580	1956	WerFault.exe	29

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 1956	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	29
PID 2244 wrote to memory of 1956	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	29
PID 2244 wrote to memory of 1956	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	29
PID 2244 wrote to memory of 1956	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	29
PID 2244 wrote to memory of 1956	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	29
PID 2244 wrote to memory of 1956	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	29
PID 2244 wrote to memory of 1956	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	29
PID 2244 wrote to memory of 1956	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	29
PID 2244 wrote to memory of 1956	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	29
PID 2244 wrote to memory of 1956	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	29
PID 2244 wrote to memory of 1956	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	29
PID 2244 wrote to memory of 1956	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	29
PID 2244 wrote to memory of 1956	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	29
PID 2244 wrote to memory of 1956	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	29
PID 2244 wrote to memory of 2292	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	30
PID 2244 wrote to memory of 2292	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	30
PID 2244 wrote to memory of 2292	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	30
PID 2244 wrote to memory of 2292	2244	86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe	30
PID 1956 wrote to memory of 2580	1956	AppLaunch.exe	31
PID 1956 wrote to memory of 2580	1956	AppLaunch.exe	31
PID 1956 wrote to memory of 2580	1956	AppLaunch.exe	31
PID 1956 wrote to memory of 2580	1956	AppLaunch.exe	31
PID 1956 wrote to memory of 2580	1956	AppLaunch.exe	31
PID 1956 wrote to memory of 2580	1956	AppLaunch.exe	31
PID 1956 wrote to memory of 2580	1956	AppLaunch.exe	31

C:\Users\Admin\AppData\Local\Temp\86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe
"C:\Users\Admin\AppData\Local\Temp\86a8b0777e2da271cbb1654284683cdf35a77a74faae92dd15bdd850a0921c99.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1956
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 196
    3⤵
    - Program crash
    PID:2580
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 136
  2⤵
  - Program crash
  PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1956-2-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1956-3-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1956-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1956-1-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1956-7-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1956-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1956-5-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1956-4-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1956-9-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1956-11-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads