e3cabefa48d70d737194e71275e2ecba91380dc6af1e4b0615d7e05e3499c8c9

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 07:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

700KB
MD5

8c27617b6d059825ff3b8156e753ab7e
SHA1

d1b87c4bd30308db0e0d7ba6d3080fe51d541f3e
SHA256

e3cabefa48d70d737194e71275e2ecba91380dc6af1e4b0615d7e05e3499c8c9
SHA512

1a368469c0e3ef4a2d6d9985453b4d1e376edc934600138bbd67e505b07dbd396aea9598e092d09ea652f4ca8b4fd6279752e8c4c1cbcbdcb0cad78e44ff23d7
SSDEEP

6144:S46vPALOgBE8y8wl5zNci/6VucQZurOjCtpF/gQbN6xLsyXHLbnNjxSBUWqxsr:SZgOgxyKVucQZuXgQbWLsyXHLRAr

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1948 set thread context of 2440	1948	file.exe	29

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2208	1948	WerFault.exe	18
3028	2440	WerFault.exe	29

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1908	1948	file.exe	28
PID 1948 wrote to memory of 1908	1948	file.exe	28
PID 1948 wrote to memory of 1908	1948	file.exe	28
PID 1948 wrote to memory of 1908	1948	file.exe	28
PID 1948 wrote to memory of 1908	1948	file.exe	28
PID 1948 wrote to memory of 1908	1948	file.exe	28
PID 1948 wrote to memory of 1908	1948	file.exe	28
PID 1948 wrote to memory of 2440	1948	file.exe	29
PID 1948 wrote to memory of 2440	1948	file.exe	29
PID 1948 wrote to memory of 2440	1948	file.exe	29
PID 1948 wrote to memory of 2440	1948	file.exe	29
PID 1948 wrote to memory of 2440	1948	file.exe	29
PID 1948 wrote to memory of 2440	1948	file.exe	29
PID 1948 wrote to memory of 2440	1948	file.exe	29
PID 1948 wrote to memory of 2440	1948	file.exe	29
PID 1948 wrote to memory of 2440	1948	file.exe	29
PID 1948 wrote to memory of 2440	1948	file.exe	29
PID 1948 wrote to memory of 2440	1948	file.exe	29
PID 1948 wrote to memory of 2440	1948	file.exe	29
PID 1948 wrote to memory of 2440	1948	file.exe	29
PID 1948 wrote to memory of 2440	1948	file.exe	29
PID 1948 wrote to memory of 2208	1948	file.exe	30
PID 1948 wrote to memory of 2208	1948	file.exe	30
PID 1948 wrote to memory of 2208	1948	file.exe	30
PID 1948 wrote to memory of 2208	1948	file.exe	30
PID 2440 wrote to memory of 3028	2440	AppLaunch.exe	31
PID 2440 wrote to memory of 3028	2440	AppLaunch.exe	31
PID 2440 wrote to memory of 3028	2440	AppLaunch.exe	31
PID 2440 wrote to memory of 3028	2440	AppLaunch.exe	31
PID 2440 wrote to memory of 3028	2440	AppLaunch.exe	31
PID 2440 wrote to memory of 3028	2440	AppLaunch.exe	31
PID 2440 wrote to memory of 3028	2440	AppLaunch.exe	31

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:1908
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2440
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 196
    3⤵
    - Program crash
    PID:3028
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 100
  2⤵
  - Program crash
  PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2440-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2440-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2440-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2440-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2440-5-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2440-6-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2440-7-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2440-8-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2440-10-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2440-12-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads