c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5

Analysis

max time kernel
119s
max time network
146s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 05:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe
Size

700KB
MD5

80ec7e8de58d34c4217a06c100577a88
SHA1

f3841eb1d18c1e868186ec2f36d5aa240185ec54
SHA256

c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5
SHA512

6cce9e5db6c5b634771bcf00f5ede69a467946da1cce16ed2bc396a79835797f6fbe1e39806f6a518b2a4e4040516fe4fe62f120a9fcf98ed3651098e5da15b5
SSDEEP

6144:RXSvGAafgBMniUwluzlcy/XVucQ5eJBeluQq0qkIrq/vsxpqJ86DpMM4vfz:wGfg2i8VucQ5mBCuJ0YrmZVMMMz

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2260 set thread context of 1668	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	29

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2616	2260	WerFault.exe	17
2468	1668	WerFault.exe	29

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 1668	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	29
PID 2260 wrote to memory of 1668	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	29
PID 2260 wrote to memory of 1668	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	29
PID 2260 wrote to memory of 1668	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	29
PID 2260 wrote to memory of 1668	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	29
PID 2260 wrote to memory of 1668	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	29
PID 2260 wrote to memory of 1668	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	29
PID 2260 wrote to memory of 1668	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	29
PID 2260 wrote to memory of 1668	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	29
PID 2260 wrote to memory of 1668	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	29
PID 2260 wrote to memory of 1668	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	29
PID 2260 wrote to memory of 1668	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	29
PID 2260 wrote to memory of 1668	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	29
PID 2260 wrote to memory of 1668	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	29
PID 2260 wrote to memory of 2616	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	32
PID 2260 wrote to memory of 2616	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	32
PID 2260 wrote to memory of 2616	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	32
PID 2260 wrote to memory of 2616	2260	c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe	32
PID 1668 wrote to memory of 2468	1668	AppLaunch.exe	33
PID 1668 wrote to memory of 2468	1668	AppLaunch.exe	33
PID 1668 wrote to memory of 2468	1668	AppLaunch.exe	33
PID 1668 wrote to memory of 2468	1668	AppLaunch.exe	33
PID 1668 wrote to memory of 2468	1668	AppLaunch.exe	33
PID 1668 wrote to memory of 2468	1668	AppLaunch.exe	33
PID 1668 wrote to memory of 2468	1668	AppLaunch.exe	33

C:\Users\Admin\AppData\Local\Temp\c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe
"C:\Users\Admin\AppData\Local\Temp\c757aec83a6964e8e7ef2d09e356aa4468b48d65ee478addcbfe94ccb34ac9a5.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1668
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 196
    3⤵
    - Program crash
    PID:2468
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 92
  2⤵
  - Program crash
  PID:2616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1668-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1668-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1668-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1668-3-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1668-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1668-5-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1668-7-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1668-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1668-9-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1668-11-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads