43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe
Size

396KB
MD5

d264869406b4cb09110b6b8af5456b37
SHA1

bdbbd0bc70c9c2dd1b667e475fcf61479c3ce2aa
SHA256

43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468
SHA512

b3f8b707774f15acae65e4a8bf0c85fdc18a64a0e17226de845383aa6bce41a49b85e20539ba5e0351621ccd374eb07d4f7c990c43d707a7865f4114de9ea597
SSDEEP

12288:TNcdqW5sEe2uusc5vWDGS1/Q6oCmNtIDU7mhol8Mwh:TNct5vv5XS1/Q0mNtIDU7mholWh

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2288 set thread context of 1308	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	28

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2224	2288	WerFault.exe	27
2324	1308	WerFault.exe	28

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 1308	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	28
PID 2288 wrote to memory of 1308	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	28
PID 2288 wrote to memory of 1308	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	28
PID 2288 wrote to memory of 1308	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	28
PID 2288 wrote to memory of 1308	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	28
PID 2288 wrote to memory of 1308	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	28
PID 2288 wrote to memory of 1308	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	28
PID 2288 wrote to memory of 1308	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	28
PID 2288 wrote to memory of 1308	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	28
PID 2288 wrote to memory of 1308	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	28
PID 2288 wrote to memory of 1308	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	28
PID 2288 wrote to memory of 1308	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	28
PID 2288 wrote to memory of 1308	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	28
PID 2288 wrote to memory of 1308	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	28
PID 2288 wrote to memory of 2224	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	29
PID 2288 wrote to memory of 2224	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	29
PID 2288 wrote to memory of 2224	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	29
PID 2288 wrote to memory of 2224	2288	43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe	29
PID 1308 wrote to memory of 2324	1308	AppLaunch.exe	30
PID 1308 wrote to memory of 2324	1308	AppLaunch.exe	30
PID 1308 wrote to memory of 2324	1308	AppLaunch.exe	30
PID 1308 wrote to memory of 2324	1308	AppLaunch.exe	30
PID 1308 wrote to memory of 2324	1308	AppLaunch.exe	30
PID 1308 wrote to memory of 2324	1308	AppLaunch.exe	30
PID 1308 wrote to memory of 2324	1308	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe
"C:\Users\Admin\AppData\Local\Temp\43c9d5192e280fb9c969d3a50b015b0f573e092ff9d78c4f96bf324124eac468.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1308
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 196
    3⤵
    - Program crash
    PID:2324
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 52
  2⤵
  - Program crash
  PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1308-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1308-1-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1308-2-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1308-3-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1308-4-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1308-5-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1308-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1308-7-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1308-9-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1308-11-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads