f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834

Analysis

max time kernel
121s
max time network
133s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 22:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe
Size

695KB
MD5

ce0aa245546b4388c31e265389630022
SHA1

45a16a59a2047b88942afe8656e439bd18242c37
SHA256

f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834
SHA512

c9d1f4170c06cf59a2c20f310efbb7c21c052d1f5d494a06e5d4ad92e2c519d16e9641c36f0c0a4193daf1f0fec1ce535930f0b1986b2b22a3d2f8fc8de734c2
SSDEEP

12288:9P/gohZVucQ5qfICJSHSsPe5A96RPYw9l:dgQ7pJCSsPEW4

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2068 set thread context of 2192	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	31

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1908	2068	WerFault.exe	14
1284	2192	WerFault.exe	31

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2192	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	31
PID 2068 wrote to memory of 2192	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	31
PID 2068 wrote to memory of 2192	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	31
PID 2068 wrote to memory of 2192	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	31
PID 2068 wrote to memory of 2192	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	31
PID 2068 wrote to memory of 2192	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	31
PID 2068 wrote to memory of 2192	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	31
PID 2068 wrote to memory of 2192	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	31
PID 2068 wrote to memory of 2192	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	31
PID 2068 wrote to memory of 2192	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	31
PID 2068 wrote to memory of 2192	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	31
PID 2068 wrote to memory of 2192	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	31
PID 2068 wrote to memory of 2192	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	31
PID 2068 wrote to memory of 2192	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	31
PID 2068 wrote to memory of 1908	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	32
PID 2068 wrote to memory of 1908	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	32
PID 2068 wrote to memory of 1908	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	32
PID 2068 wrote to memory of 1908	2068	f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe	32
PID 2192 wrote to memory of 1284	2192	AppLaunch.exe	33
PID 2192 wrote to memory of 1284	2192	AppLaunch.exe	33
PID 2192 wrote to memory of 1284	2192	AppLaunch.exe	33
PID 2192 wrote to memory of 1284	2192	AppLaunch.exe	33
PID 2192 wrote to memory of 1284	2192	AppLaunch.exe	33
PID 2192 wrote to memory of 1284	2192	AppLaunch.exe	33
PID 2192 wrote to memory of 1284	2192	AppLaunch.exe	33

C:\Users\Admin\AppData\Local\Temp\f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe
"C:\Users\Admin\AppData\Local\Temp\f6116442a2973862c838effc2b1296f0435e1233caf64c32c0d3ae9feb9d2834_JC.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2192
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 196
    3⤵
    - Program crash
    PID:1284
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 92
  2⤵
  - Program crash
  PID:1908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2192-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2192-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2192-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2192-3-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2192-5-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2192-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2192-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2192-7-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2192-9-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2192-11-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads