a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 19:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe
Size

396KB
MD5

e33a19d21076734b8a8a7e372dab61ae
SHA1

509b1cf993fe3b1e36832ce47e3300ebb26a9be9
SHA256

a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06
SHA512

3973d2b661c1f2ec4c008929f63394ea273c209a5c4a134c2ee7f5d57080c3c5a90ab7b09fefe54e6b55446f86dce451b91997dea7f259f696f6a19e79486097
SSDEEP

6144:4NohUOqW5XJ6EDOpvOCm5MNuAONHdSDqVCeyvOAGr2JtbpJ8c62KVqwh:4NOdqW5sEe2uujHYDqMeyvOA1bLhKUwh

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2224 set thread context of 1708	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	29

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2584	2224	WerFault.exe	28
2312	1708	WerFault.exe	29

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 1708	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	29
PID 2224 wrote to memory of 1708	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	29
PID 2224 wrote to memory of 1708	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	29
PID 2224 wrote to memory of 1708	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	29
PID 2224 wrote to memory of 1708	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	29
PID 2224 wrote to memory of 1708	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	29
PID 2224 wrote to memory of 1708	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	29
PID 2224 wrote to memory of 1708	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	29
PID 2224 wrote to memory of 1708	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	29
PID 2224 wrote to memory of 1708	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	29
PID 2224 wrote to memory of 1708	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	29
PID 2224 wrote to memory of 1708	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	29
PID 2224 wrote to memory of 1708	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	29
PID 2224 wrote to memory of 1708	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	29
PID 2224 wrote to memory of 2584	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	30
PID 2224 wrote to memory of 2584	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	30
PID 2224 wrote to memory of 2584	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	30
PID 2224 wrote to memory of 2584	2224	a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe	30
PID 1708 wrote to memory of 2312	1708	AppLaunch.exe	31
PID 1708 wrote to memory of 2312	1708	AppLaunch.exe	31
PID 1708 wrote to memory of 2312	1708	AppLaunch.exe	31
PID 1708 wrote to memory of 2312	1708	AppLaunch.exe	31
PID 1708 wrote to memory of 2312	1708	AppLaunch.exe	31
PID 1708 wrote to memory of 2312	1708	AppLaunch.exe	31
PID 1708 wrote to memory of 2312	1708	AppLaunch.exe	31

C:\Users\Admin\AppData\Local\Temp\a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe
"C:\Users\Admin\AppData\Local\Temp\a23f4242a76cee5433ded21e591af5e1973bb00c561b089256ceff69d154eb06_JC.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1708
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 196
    3⤵
    - Program crash
    PID:2312
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 52
  2⤵
  - Program crash
  PID:2584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1708-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1708-1-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1708-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1708-7-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1708-5-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1708-4-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1708-3-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1708-2-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1708-9-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1708-11-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads