Analysis
- max time kernel: 118s
- max time network: 128s
- platform: windows10-1703_x64
- resource: win10-20230915-en
- resource tags: arch:x64, arch:x86, image:win10-20230915-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 03-10-2023 19:23

Static task
- static1: 1 signatures
General
- Target: 55b9952555c7f66b3707f0b2e2b69c59fa05a0764500834ea11fe5c86f2da9b3.exe
- Size: 1.4MB
- MD5: 627dd0871cca7e8f91081c1e57729ded
- SHA1: e30267dade60f2123fae8406c27695b4f56cb9b5
- SHA256: 55b9952555c7f66b3707f0b2e2b69c59fa05a0764500834ea11fe5c86f2da9b3
- SHA512: 4bae00d32283b81462e72f81fd8e95a6df29620da04ce749f70ec13a974d56db3a93cc0c2b7fd8083064c93cd2d97f52698a98f71c051db1d4e8c6e6a760c88b
- SSDEEP: 12288:FiOU3sJoAMErCuOVb9X6a9DhvhNDDPGnbZMYLFbj:FusJo8g6a9DhvhVuv
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoC)
  description                            pid   Process                                                                   procid_target
  PID 1168 set thread context of 3108    1168  55b9952555c7f66b3707f0b2e2b69c59fa05a0764500834ea11fe5c86f2da9b3.exe    70

- Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  2036  1168        WerFault.exe  68

- Suspicious use of WriteProcessMemory (10 IoCs)
  description                            pid   Process                                                                   procid_target
  PID 1168 wrote to memory of 3108       1168  55b9952555c7f66b3707f0b2e2b69c59fa05a0764500834ea11fe5c86f2da9b3.exe    70
  (the report lists this identical row 10 times, one per write)
Processes
- C:\Users\Admin\AppData\Local\Temp\55b9952555c7f66b3707f0b2e2b69c59fa05a0764500834ea11fe5c86f2da9b3.exe (depth 1, PID 1168)
  Command line: "C:\Users\Admin\AppData\Local\Temp\55b9952555c7f66b3707f0b2e2b69c59fa05a0764500834ea11fe5c86f2da9b3.exe"
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe (depth 2, PID 3108)
    Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  - C:\Windows\SysWOW64\WerFault.exe (depth 2, PID 2036)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 144
    - Program crash