80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18

Analysis

max time kernel
120s
max time network
139s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe
Size

364KB
MD5

4456fa6958bd60813d507768aaa91a30
SHA1

d75753ba5119d0964bc4a0975016f1f1ecc72ca1
SHA256

80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18
SHA512

616ac946461dbe6cfd46bfa87ee16c86feba7a8b8a793737c0fcda2ce71078e9acf7982d3b91c0c36841e406d01220cf23125e25fe53bc5ebdc1366708e549a3
SSDEEP

6144:JS46fuYXChoQTjlFgLuCY1dRuAOlvFU4RpMbvO5Zc//S2w8y0:J3YzXChdTbv1buudvN//S2w8y

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2404 set thread context of 1860	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	28

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2164	2404	WerFault.exe	19
2472	1860	WerFault.exe	28

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2092	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	27
PID 2404 wrote to memory of 2092	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	27
PID 2404 wrote to memory of 2092	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	27
PID 2404 wrote to memory of 2092	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	27
PID 2404 wrote to memory of 2092	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	27
PID 2404 wrote to memory of 2092	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	27
PID 2404 wrote to memory of 2092	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	27
PID 2404 wrote to memory of 1860	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	28
PID 2404 wrote to memory of 1860	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	28
PID 2404 wrote to memory of 1860	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	28
PID 2404 wrote to memory of 1860	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	28
PID 2404 wrote to memory of 1860	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	28
PID 2404 wrote to memory of 1860	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	28
PID 2404 wrote to memory of 1860	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	28
PID 2404 wrote to memory of 1860	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	28
PID 2404 wrote to memory of 1860	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	28
PID 2404 wrote to memory of 1860	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	28
PID 2404 wrote to memory of 1860	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	28
PID 2404 wrote to memory of 1860	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	28
PID 2404 wrote to memory of 1860	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	28
PID 2404 wrote to memory of 1860	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	28
PID 1860 wrote to memory of 2472	1860	AppLaunch.exe	30
PID 1860 wrote to memory of 2472	1860	AppLaunch.exe	30
PID 1860 wrote to memory of 2472	1860	AppLaunch.exe	30
PID 1860 wrote to memory of 2472	1860	AppLaunch.exe	30
PID 1860 wrote to memory of 2472	1860	AppLaunch.exe	30
PID 1860 wrote to memory of 2472	1860	AppLaunch.exe	30
PID 1860 wrote to memory of 2472	1860	AppLaunch.exe	30
PID 2404 wrote to memory of 2164	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	29
PID 2404 wrote to memory of 2164	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	29
PID 2404 wrote to memory of 2164	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	29
PID 2404 wrote to memory of 2164	2404	80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe	29

C:\Users\Admin\AppData\Local\Temp\80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe
"C:\Users\Admin\AppData\Local\Temp\80e932fc3c2fe469154c678fb571fc9eb16efe32d28fbcfc3fe79abd8645fa18.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2092
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1860
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 196
    3⤵
    - Program crash
    PID:2472
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 60
  2⤵
  - Program crash
  PID:2164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1860-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1860-2-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1860-1-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1860-3-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1860-5-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1860-4-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1860-7-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1860-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1860-9-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1860-11-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads