ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 04:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe
Size

378KB
MD5

2b0c41eaeff117d7560ada6d77166030
SHA1

6cdcabaac064da544f0eaf59e1bd06e6961f55da
SHA256

ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7
SHA512

8abf81d7ce5a1588c19319992e2d6da0ce5ed4085e2dc00e5ea8cb9c1c8d3ea614d7cd1b3c66d90aa94f1a6813d407fb1b96ea6916d78e8dd38a581ceae7b460
SSDEEP

6144:gL55frpxdonyq4zaG2u5AO0eKmqeDzw8O5gnmvNYN/KOx6UtPquqp:gLPrp0/9u52eFzwfgOCNSgPquqp

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1824 set thread context of 2284	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	28

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2288	1824	WerFault.exe	25
2120	2284	WerFault.exe	28

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 2284	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	28
PID 1824 wrote to memory of 2284	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	28
PID 1824 wrote to memory of 2284	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	28
PID 1824 wrote to memory of 2284	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	28
PID 1824 wrote to memory of 2284	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	28
PID 1824 wrote to memory of 2284	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	28
PID 1824 wrote to memory of 2284	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	28
PID 1824 wrote to memory of 2284	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	28
PID 1824 wrote to memory of 2284	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	28
PID 1824 wrote to memory of 2284	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	28
PID 1824 wrote to memory of 2284	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	28
PID 1824 wrote to memory of 2284	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	28
PID 1824 wrote to memory of 2284	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	28
PID 1824 wrote to memory of 2284	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	28
PID 1824 wrote to memory of 2288	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	29
PID 1824 wrote to memory of 2288	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	29
PID 1824 wrote to memory of 2288	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	29
PID 1824 wrote to memory of 2288	1824	ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe	29
PID 2284 wrote to memory of 2120	2284	AppLaunch.exe	30
PID 2284 wrote to memory of 2120	2284	AppLaunch.exe	30
PID 2284 wrote to memory of 2120	2284	AppLaunch.exe	30
PID 2284 wrote to memory of 2120	2284	AppLaunch.exe	30
PID 2284 wrote to memory of 2120	2284	AppLaunch.exe	30
PID 2284 wrote to memory of 2120	2284	AppLaunch.exe	30
PID 2284 wrote to memory of 2120	2284	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe
"C:\Users\Admin\AppData\Local\Temp\ffcca06430d4babb8ee973aed5c5631014ef58cf61ec7693d8e7e5edf0bf62d7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2284
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 196
    3⤵
    - Program crash
    PID:2120
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 92
  2⤵
  - Program crash
  PID:2288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2284-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2284-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2284-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2284-3-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2284-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2284-5-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2284-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2284-7-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2284-9-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2284-11-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads