0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 04:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe
Size

378KB
MD5

69f7a7cb6c688ef685368e8eaa55df73
SHA1

729969ba1a638c64a0685c479fcb96128190acbd
SHA256

0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96
SHA512

4e89b3dae031455b14a61756d4b193b04c839f6d4616b5c18081936c44b9ccd4c9a49b7ad2229fef1ac9917f1fc4c6481bebfa1a39c7280064eaa92182a09c65
SSDEEP

6144:X/5frpxdonyq4zaG2u5AOteKDeVoHMuY5SP1eCSsjjbGDQEHqLp9k+oKwqTBQ8TL:Xprp0/9u5XeORHMuY5SPgCSsjjaHqLLP

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2024 set thread context of 1604	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	28

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3012	2024	WerFault.exe	27
1980	1604	WerFault.exe	28

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1604	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	28
PID 2024 wrote to memory of 1604	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	28
PID 2024 wrote to memory of 1604	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	28
PID 2024 wrote to memory of 1604	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	28
PID 2024 wrote to memory of 1604	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	28
PID 2024 wrote to memory of 1604	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	28
PID 2024 wrote to memory of 1604	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	28
PID 2024 wrote to memory of 1604	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	28
PID 2024 wrote to memory of 1604	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	28
PID 2024 wrote to memory of 1604	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	28
PID 2024 wrote to memory of 1604	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	28
PID 2024 wrote to memory of 1604	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	28
PID 2024 wrote to memory of 1604	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	28
PID 2024 wrote to memory of 1604	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	28
PID 2024 wrote to memory of 3012	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	29
PID 2024 wrote to memory of 3012	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	29
PID 2024 wrote to memory of 3012	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	29
PID 2024 wrote to memory of 3012	2024	0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe	29
PID 1604 wrote to memory of 1980	1604	AppLaunch.exe	30
PID 1604 wrote to memory of 1980	1604	AppLaunch.exe	30
PID 1604 wrote to memory of 1980	1604	AppLaunch.exe	30
PID 1604 wrote to memory of 1980	1604	AppLaunch.exe	30
PID 1604 wrote to memory of 1980	1604	AppLaunch.exe	30
PID 1604 wrote to memory of 1980	1604	AppLaunch.exe	30
PID 1604 wrote to memory of 1980	1604	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe
"C:\Users\Admin\AppData\Local\Temp\0736640fdff2e7a251c3c3dcf682c72822d760bcbdeac567f0a5a8f73d75ad96.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1604
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 196
    3⤵
    - Program crash
    PID:1980
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 92
  2⤵
  - Program crash
  PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1604-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1604-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1604-3-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1604-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1604-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1604-5-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1604-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1604-7-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1604-9-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1604-11-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads