90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 21:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe
Size

396KB
MD5

dbf5edf93c88dc0a7bc356717d1e898e
SHA1

197ddf93e3b1babab84977a8cda9a235ceb76482
SHA256

90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121
SHA512

1407ddf17e277656d8f534746d9804e97d5aedd9fc98ebc37cf244156cdec8656675bd109d9645c0ca7cb109ab7ef500f6e3c3a09de67747685983f7b5725430
SSDEEP

6144:3NahUOqW5XJ6EDOpvOCm5MNuAOWXbTcLTOm6NptKsMMg4BQXNynsOqwh:3NkdqW5sEe2uuYLT2TD/sBQXNyn4wh

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2976 set thread context of 1672	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	29

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3024	2976	WerFault.exe	27
1896	1672	WerFault.exe	29

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2856	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	28
PID 2976 wrote to memory of 2856	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	28
PID 2976 wrote to memory of 2856	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	28
PID 2976 wrote to memory of 2856	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	28
PID 2976 wrote to memory of 2856	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	28
PID 2976 wrote to memory of 2856	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	28
PID 2976 wrote to memory of 2856	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	28
PID 2976 wrote to memory of 1672	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	29
PID 2976 wrote to memory of 1672	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	29
PID 2976 wrote to memory of 1672	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	29
PID 2976 wrote to memory of 1672	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	29
PID 2976 wrote to memory of 1672	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	29
PID 2976 wrote to memory of 1672	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	29
PID 2976 wrote to memory of 1672	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	29
PID 2976 wrote to memory of 1672	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	29
PID 2976 wrote to memory of 1672	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	29
PID 2976 wrote to memory of 1672	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	29
PID 2976 wrote to memory of 1672	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	29
PID 2976 wrote to memory of 1672	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	29
PID 2976 wrote to memory of 1672	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	29
PID 2976 wrote to memory of 1672	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	29
PID 2976 wrote to memory of 3024	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	30
PID 2976 wrote to memory of 3024	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	30
PID 2976 wrote to memory of 3024	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	30
PID 2976 wrote to memory of 3024	2976	90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe	30
PID 1672 wrote to memory of 1896	1672	AppLaunch.exe	31
PID 1672 wrote to memory of 1896	1672	AppLaunch.exe	31
PID 1672 wrote to memory of 1896	1672	AppLaunch.exe	31
PID 1672 wrote to memory of 1896	1672	AppLaunch.exe	31
PID 1672 wrote to memory of 1896	1672	AppLaunch.exe	31
PID 1672 wrote to memory of 1896	1672	AppLaunch.exe	31
PID 1672 wrote to memory of 1896	1672	AppLaunch.exe	31

C:\Users\Admin\AppData\Local\Temp\90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe
"C:\Users\Admin\AppData\Local\Temp\90d540d07d0831a8bbf93e8340fbcf52f6338167771a314e462ed8c59b6ae121.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2856
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1672
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 196
    3⤵
    - Program crash
    PID:1896
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 60
  2⤵
  - Program crash
  PID:3024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1672-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1672-1-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1672-2-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1672-3-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1672-4-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1672-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1672-5-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1672-7-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1672-9-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1672-11-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads