ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 04:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe
Size

378KB
MD5

534f3a3116fc2ec3efa886550f261ff8
SHA1

7d7fe045f587fc87ef35bf636da33241a712db29
SHA256

ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0
SHA512

7a4a8aff1926c79c7810fb5b65b234485810fb468f26c8e7fdf57059ca1dc421d3e62d40378191b47f6123c981eb3718e1a1af4699851472aadeef49a2d0dffe
SSDEEP

6144:tH5frpxdonyq4zaG2u5AO3eKd7RjnwpDzmehyNKZIIFFXVMyed38Cy2MOHt7RCqX:tRrp0/9u5Veo7RjnMDLyo3FXVMyItV9L

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2960 set thread context of 3028	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	29

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1080	2960	WerFault.exe	27
1132	3028	WerFault.exe	29

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 3016	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	28
PID 2960 wrote to memory of 3016	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	28
PID 2960 wrote to memory of 3016	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	28
PID 2960 wrote to memory of 3016	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	28
PID 2960 wrote to memory of 3016	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	28
PID 2960 wrote to memory of 3016	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	28
PID 2960 wrote to memory of 3016	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	28
PID 2960 wrote to memory of 3028	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	29
PID 2960 wrote to memory of 3028	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	29
PID 2960 wrote to memory of 3028	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	29
PID 2960 wrote to memory of 3028	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	29
PID 2960 wrote to memory of 3028	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	29
PID 2960 wrote to memory of 3028	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	29
PID 2960 wrote to memory of 3028	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	29
PID 2960 wrote to memory of 3028	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	29
PID 2960 wrote to memory of 3028	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	29
PID 2960 wrote to memory of 3028	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	29
PID 2960 wrote to memory of 3028	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	29
PID 2960 wrote to memory of 3028	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	29
PID 2960 wrote to memory of 3028	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	29
PID 2960 wrote to memory of 3028	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	29
PID 2960 wrote to memory of 1080	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	30
PID 2960 wrote to memory of 1080	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	30
PID 2960 wrote to memory of 1080	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	30
PID 2960 wrote to memory of 1080	2960	ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe	30
PID 3028 wrote to memory of 1132	3028	AppLaunch.exe	31
PID 3028 wrote to memory of 1132	3028	AppLaunch.exe	31
PID 3028 wrote to memory of 1132	3028	AppLaunch.exe	31
PID 3028 wrote to memory of 1132	3028	AppLaunch.exe	31
PID 3028 wrote to memory of 1132	3028	AppLaunch.exe	31
PID 3028 wrote to memory of 1132	3028	AppLaunch.exe	31
PID 3028 wrote to memory of 1132	3028	AppLaunch.exe	31

C:\Users\Admin\AppData\Local\Temp\ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe
"C:\Users\Admin\AppData\Local\Temp\ec81ef5de580fe7ca93029e64ed76603989754a2185caf4bd2018be65ffbb2d0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:3016
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3028
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 196
    3⤵
    - Program crash
    PID:1132
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 100
  2⤵
  - Program crash
  PID:1080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3028-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3028-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3028-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3028-5-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3028-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/3028-3-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3028-7-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3028-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3028-9-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3028-11-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads