fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c

Analysis

max time kernel
118s
max time network
147s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe
Size

364KB
MD5

e9d91e73296419b2989e758169340841
SHA1

60ae64c2c8f8f961854b4f7c5c4c8506644b3ace
SHA256

fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c
SHA512

8eede390e123101ffcb129a13f90264a7d27886c8ad177329134bf979263dbc8d96b30fbf944d43fd922717068f62143d70009fcc97b84f8488a5e10ebcc61f0
SSDEEP

6144:Ho46fuYXChoQTjlFgLuCY1dRuAOPhfnFAa9DRNO5Xsku+r+aN9BuJuw8y0:HZYzXChdTbv1buzZ9DRNO58/c+aN9sJ7

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1512 set thread context of 1724	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	30

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1728	1512	WerFault.exe	16
1720	1724	WerFault.exe	30

Suspicious use of WriteProcessMemory 39 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 1672	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	28
PID 1512 wrote to memory of 1672	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	28
PID 1512 wrote to memory of 1672	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	28
PID 1512 wrote to memory of 1672	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	28
PID 1512 wrote to memory of 1672	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	28
PID 1512 wrote to memory of 1672	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	28
PID 1512 wrote to memory of 1672	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	28
PID 1512 wrote to memory of 2020	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	29
PID 1512 wrote to memory of 2020	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	29
PID 1512 wrote to memory of 2020	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	29
PID 1512 wrote to memory of 2020	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	29
PID 1512 wrote to memory of 2020	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	29
PID 1512 wrote to memory of 2020	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	29
PID 1512 wrote to memory of 2020	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	29
PID 1512 wrote to memory of 1724	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	30
PID 1512 wrote to memory of 1724	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	30
PID 1512 wrote to memory of 1724	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	30
PID 1512 wrote to memory of 1724	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	30
PID 1512 wrote to memory of 1724	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	30
PID 1512 wrote to memory of 1724	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	30
PID 1512 wrote to memory of 1724	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	30
PID 1512 wrote to memory of 1724	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	30
PID 1512 wrote to memory of 1724	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	30
PID 1512 wrote to memory of 1724	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	30
PID 1512 wrote to memory of 1724	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	30
PID 1512 wrote to memory of 1724	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	30
PID 1512 wrote to memory of 1724	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	30
PID 1512 wrote to memory of 1724	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	30
PID 1512 wrote to memory of 1728	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	31
PID 1512 wrote to memory of 1728	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	31
PID 1512 wrote to memory of 1728	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	31
PID 1512 wrote to memory of 1728	1512	fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe	31
PID 1724 wrote to memory of 1720	1724	AppLaunch.exe	32
PID 1724 wrote to memory of 1720	1724	AppLaunch.exe	32
PID 1724 wrote to memory of 1720	1724	AppLaunch.exe	32
PID 1724 wrote to memory of 1720	1724	AppLaunch.exe	32
PID 1724 wrote to memory of 1720	1724	AppLaunch.exe	32
PID 1724 wrote to memory of 1720	1724	AppLaunch.exe	32
PID 1724 wrote to memory of 1720	1724	AppLaunch.exe	32

C:\Users\Admin\AppData\Local\Temp\fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe
"C:\Users\Admin\AppData\Local\Temp\fa8bf8002f274e7d0b785b663ca00e5bb360238ba345b66f9ca9f6e3a9d0a90c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1512
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:1672
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2020
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1724
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 196
    3⤵
    - Program crash
    PID:1720
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 72
  2⤵
  - Program crash
  PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1724-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1724-1-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1724-2-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1724-3-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1724-4-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1724-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1724-7-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1724-5-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1724-9-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1724-11-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads