1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe
Size

700KB
MD5

97a62ecc228570f1ac28416be27a66d3
SHA1

5b1421e88a8707affbd0b9c3ed11ff4635a39959
SHA256

1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448
SHA512

f7ca4691953540862b72037854c5e790f1132cf770f5aa674fbf6cd2a82ff47216fd61b6e0971a58fee641a7b621ead016fc0d8d8fda280476ab2a6e75102273
SSDEEP

6144:76vGALXgBEIy8wluzNcq/PVucQpHVzsPCvaeztC4HTByQ3xpvfr:2HXgFysVucQp1zs6S6tpHVyAjr

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1692 set thread context of 2060	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	29

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2756	1692	WerFault.exe	27
2644	2060	WerFault.exe	29

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 2060	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	29
PID 1692 wrote to memory of 2060	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	29
PID 1692 wrote to memory of 2060	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	29
PID 1692 wrote to memory of 2060	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	29
PID 1692 wrote to memory of 2060	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	29
PID 1692 wrote to memory of 2060	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	29
PID 1692 wrote to memory of 2060	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	29
PID 1692 wrote to memory of 2060	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	29
PID 1692 wrote to memory of 2060	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	29
PID 1692 wrote to memory of 2060	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	29
PID 1692 wrote to memory of 2060	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	29
PID 1692 wrote to memory of 2060	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	29
PID 1692 wrote to memory of 2060	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	29
PID 1692 wrote to memory of 2060	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	29
PID 1692 wrote to memory of 2756	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	30
PID 1692 wrote to memory of 2756	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	30
PID 1692 wrote to memory of 2756	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	30
PID 1692 wrote to memory of 2756	1692	1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe	30
PID 2060 wrote to memory of 2644	2060	AppLaunch.exe	31
PID 2060 wrote to memory of 2644	2060	AppLaunch.exe	31
PID 2060 wrote to memory of 2644	2060	AppLaunch.exe	31
PID 2060 wrote to memory of 2644	2060	AppLaunch.exe	31
PID 2060 wrote to memory of 2644	2060	AppLaunch.exe	31
PID 2060 wrote to memory of 2644	2060	AppLaunch.exe	31
PID 2060 wrote to memory of 2644	2060	AppLaunch.exe	31

C:\Users\Admin\AppData\Local\Temp\1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe
"C:\Users\Admin\AppData\Local\Temp\1c514166857aea831845a6edf6907feb5558da017adbd85b8d4e94e4723ca448.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2060
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 196
    3⤵
    - Program crash
    PID:2644
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 92
  2⤵
  - Program crash
  PID:2756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2060-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2060-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2060-5-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2060-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2060-7-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2060-3-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2060-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2060-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2060-9-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2060-11-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads