8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 00:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe
Size

364KB
MD5

36c4eaac755d927f09b9fc807f463dc4
SHA1

accd7b2bed923aaeb5999cf16084b2323e5e8a15
SHA256

8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce
SHA512

c434c372f766305a2ff97dd86cf37e1ef61c73c975ec1ca4caafb0979ebf4d16bf7f5ce8db69a0bb731c0a0adc7ba1bc1c52ec0fade5fe4171d233099e3a95d6
SSDEEP

6144:pK46fuYXChoQTjlFgLuCY1dRuAO5LQRNHrWb2UynYghxLsXG2aN1hw8y0:pvYzXChdTbv1buoDLo2pDhx4XNaN1hwX

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2436 set thread context of 1680	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	28

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3020	2436	WerFault.exe	27
2304	1680	WerFault.exe	28

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 1680	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	28
PID 2436 wrote to memory of 1680	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	28
PID 2436 wrote to memory of 1680	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	28
PID 2436 wrote to memory of 1680	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	28
PID 2436 wrote to memory of 1680	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	28
PID 2436 wrote to memory of 1680	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	28
PID 2436 wrote to memory of 1680	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	28
PID 2436 wrote to memory of 1680	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	28
PID 2436 wrote to memory of 1680	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	28
PID 2436 wrote to memory of 1680	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	28
PID 2436 wrote to memory of 1680	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	28
PID 2436 wrote to memory of 1680	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	28
PID 2436 wrote to memory of 1680	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	28
PID 2436 wrote to memory of 1680	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	28
PID 2436 wrote to memory of 3020	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	29
PID 2436 wrote to memory of 3020	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	29
PID 2436 wrote to memory of 3020	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	29
PID 2436 wrote to memory of 3020	2436	8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe	29
PID 1680 wrote to memory of 2304	1680	AppLaunch.exe	30
PID 1680 wrote to memory of 2304	1680	AppLaunch.exe	30
PID 1680 wrote to memory of 2304	1680	AppLaunch.exe	30
PID 1680 wrote to memory of 2304	1680	AppLaunch.exe	30
PID 1680 wrote to memory of 2304	1680	AppLaunch.exe	30
PID 1680 wrote to memory of 2304	1680	AppLaunch.exe	30
PID 1680 wrote to memory of 2304	1680	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe
"C:\Users\Admin\AppData\Local\Temp\8011e74693b5d8a2a1488ef32f1586afd922a91c965142b3ceee8ba9455a64ce.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1680
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 196
    3⤵
    - Program crash
    PID:2304
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 52
  2⤵
  - Program crash
  PID:3020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1680-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1680-2-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1680-3-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1680-4-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1680-7-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1680-5-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1680-1-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1680-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1680-9-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1680-11-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads