a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b

Analysis

max time kernel
267s
max time network
316s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe
Size

700KB
MD5

6496240e8c5a6e7e3f3cc133da34548e
SHA1

d846c764049c1c47d8cc44fedec1b01c549cc8a3
SHA256

a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b
SHA512

1b2bb634e4f45057f967dae34787bf4b7521d677649564071eef70d11f15ac04ddef9d4a6c5fb31f57ec7ea9533ee2771ddd78ecce005ac892fc57efb2f755a1
SSDEEP

6144:46vGALXgBEIy8wluzNcq/PVucQpSrhQrcazqs8Vi8D1knIJC0FQHEodJFvfr:ZHXgFysVucQpkaD8ViXNkodbr

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2712 set thread context of 2544	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	29

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2620	2712	WerFault.exe	19
2504	2544	WerFault.exe	29

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 2772	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	28
PID 2712 wrote to memory of 2772	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	28
PID 2712 wrote to memory of 2772	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	28
PID 2712 wrote to memory of 2772	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	28
PID 2712 wrote to memory of 2772	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	28
PID 2712 wrote to memory of 2772	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	28
PID 2712 wrote to memory of 2772	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	28
PID 2712 wrote to memory of 2544	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	29
PID 2712 wrote to memory of 2544	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	29
PID 2712 wrote to memory of 2544	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	29
PID 2712 wrote to memory of 2544	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	29
PID 2712 wrote to memory of 2544	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	29
PID 2712 wrote to memory of 2544	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	29
PID 2712 wrote to memory of 2544	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	29
PID 2712 wrote to memory of 2544	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	29
PID 2712 wrote to memory of 2544	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	29
PID 2712 wrote to memory of 2544	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	29
PID 2712 wrote to memory of 2544	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	29
PID 2712 wrote to memory of 2544	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	29
PID 2712 wrote to memory of 2544	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	29
PID 2712 wrote to memory of 2544	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	29
PID 2712 wrote to memory of 2620	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	30
PID 2712 wrote to memory of 2620	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	30
PID 2712 wrote to memory of 2620	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	30
PID 2712 wrote to memory of 2620	2712	a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe	30
PID 2544 wrote to memory of 2504	2544	AppLaunch.exe	31
PID 2544 wrote to memory of 2504	2544	AppLaunch.exe	31
PID 2544 wrote to memory of 2504	2544	AppLaunch.exe	31
PID 2544 wrote to memory of 2504	2544	AppLaunch.exe	31
PID 2544 wrote to memory of 2504	2544	AppLaunch.exe	31
PID 2544 wrote to memory of 2504	2544	AppLaunch.exe	31
PID 2544 wrote to memory of 2504	2544	AppLaunch.exe	31

C:\Users\Admin\AppData\Local\Temp\a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe
"C:\Users\Admin\AppData\Local\Temp\a011923783887fa6650803bcd81eb1fc2fca10a2bba3e1e391deb0679a704e5b.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2772
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2544
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 196
    3⤵
    - Program crash
    PID:2504
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 100
  2⤵
  - Program crash
  PID:2620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2544-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2544-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2544-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2544-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2544-6-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2544-8-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2544-10-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2544-11-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2544-13-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2544-15-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads