3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 04:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe
Size

700KB
MD5

3fa9577e900029040fa402dac02a7895
SHA1

961baff9331ac40dd9bc8d55fd420663fc78e935
SHA256

3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa
SHA512

69f98ddfb9791ee512f0af21524e209f5a43fa57044c20676c9649b11ca7fd1d884308410dbe86e9fd1fc52d50568c4f2547b7366c833190430f3d502cca6624
SSDEEP

6144:MSvGAafgBMniUwluzlcy/XVucQ5d8tU25CbSyadSxbXuvfz:NGfg2i8VucQ5StybFad4Cz

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1736 set thread context of 2308	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	29

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2732	1736	WerFault.exe	27
2764	2308	WerFault.exe	29

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2308	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	29
PID 1736 wrote to memory of 2308	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	29
PID 1736 wrote to memory of 2308	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	29
PID 1736 wrote to memory of 2308	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	29
PID 1736 wrote to memory of 2308	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	29
PID 1736 wrote to memory of 2308	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	29
PID 1736 wrote to memory of 2308	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	29
PID 1736 wrote to memory of 2308	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	29
PID 1736 wrote to memory of 2308	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	29
PID 1736 wrote to memory of 2308	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	29
PID 1736 wrote to memory of 2308	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	29
PID 1736 wrote to memory of 2308	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	29
PID 1736 wrote to memory of 2308	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	29
PID 1736 wrote to memory of 2308	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	29
PID 1736 wrote to memory of 2732	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	30
PID 1736 wrote to memory of 2732	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	30
PID 1736 wrote to memory of 2732	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	30
PID 1736 wrote to memory of 2732	1736	3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe	30
PID 2308 wrote to memory of 2764	2308	AppLaunch.exe	31
PID 2308 wrote to memory of 2764	2308	AppLaunch.exe	31
PID 2308 wrote to memory of 2764	2308	AppLaunch.exe	31
PID 2308 wrote to memory of 2764	2308	AppLaunch.exe	31
PID 2308 wrote to memory of 2764	2308	AppLaunch.exe	31
PID 2308 wrote to memory of 2764	2308	AppLaunch.exe	31
PID 2308 wrote to memory of 2764	2308	AppLaunch.exe	31

C:\Users\Admin\AppData\Local\Temp\3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe
"C:\Users\Admin\AppData\Local\Temp\3852ed3843fd500abf880ec525bf190281d80b78d58b25510fc166214b56dbaa.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2308
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 196
    3⤵
    - Program crash
    PID:2764
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 92
  2⤵
  - Program crash
  PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2308-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2308-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2308-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2308-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2308-6-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2308-8-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2308-13-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2308-11-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2308-10-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2308-15-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads