Overview

overview

5

Static

static

1

091154b088...e6.exe

windows7-x64

5

091154b088...e6.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    240s
  • max time network
    284s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2023, 08:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    091154b0884cf596352e8651ed633a61b81eb34f1f3c08edc76baab60c8ea6e6.exe

  • Size

    448KB

  • MD5

    53f51acbcc9b1291e5b8d774f83a59bf

  • SHA1

    d363e6e06a954dee5486d62ec28834854433c8fb

  • SHA256

    091154b0884cf596352e8651ed633a61b81eb34f1f3c08edc76baab60c8ea6e6

  • SHA512

    66138d602818aeba7b3815029d67c4c0422961e4740cc81cad0b92936b2cda50724bf49886d503dca39873bd286d4e4290863c2146ab9fcae48e1f2ed4d38732

  • SSDEEP

    6144:M1dtksdma7XKyTR38E1gESHyZqAOBhXh32/0/6AljTSnWF/Tl4eT7Ptn5:mdGsoarKU3zToF+0/rl3GW5TlR7

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\091154b0884cf596352e8651ed633a61b81eb34f1f3c08edc76baab60c8ea6e6.exe
    "C:\Users\Admin\AppData\Local\Temp\091154b0884cf596352e8651ed633a61b81eb34f1f3c08edc76baab60c8ea6e6.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2740
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 196
        3⤵
        • Program crash
        PID:2524
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 136
      2⤵
      • Program crash
      PID:2980

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2740-0-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2740-1-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2740-2-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2740-3-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2740-4-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2740-5-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2740-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2740-7-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2740-9-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2740-12-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

          Download