e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7

Analysis

max time kernel
122s
max time network
137s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 07:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe
Size

1.0MB
MD5

9d0a9e513bd76d243c2e78341358f7cc
SHA1

2f5c7872844cc9acee3d951040703a59875684ed
SHA256

e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7
SHA512

c92c58ae7f45e38f0931a26cd3fa017e3d59508b4563a212e306ded32adf6dbc6b32fff45e6de6d0dcbbaa1bee5ea102c50cd35c041ff077fe344afe9d47f239
SSDEEP

12288:toendPenEp953bXeu5W2fo8oBNFJQxBTTASKuLpv+WE2yMGbg1qbw55:RdPenEp953bpfo8Un+TMSj+bT2

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2016 set thread context of 1764	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	29

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2232	2016	WerFault.exe	18
2392	1764	WerFault.exe	29

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1764	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	29
PID 2016 wrote to memory of 1764	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	29
PID 2016 wrote to memory of 1764	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	29
PID 2016 wrote to memory of 1764	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	29
PID 2016 wrote to memory of 1764	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	29
PID 2016 wrote to memory of 1764	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	29
PID 2016 wrote to memory of 1764	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	29
PID 2016 wrote to memory of 1764	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	29
PID 2016 wrote to memory of 1764	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	29
PID 2016 wrote to memory of 1764	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	29
PID 2016 wrote to memory of 1764	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	29
PID 2016 wrote to memory of 1764	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	29
PID 2016 wrote to memory of 1764	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	29
PID 2016 wrote to memory of 1764	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	29
PID 2016 wrote to memory of 2232	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	30
PID 2016 wrote to memory of 2232	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	30
PID 2016 wrote to memory of 2232	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	30
PID 2016 wrote to memory of 2232	2016	e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe	30
PID 1764 wrote to memory of 2392	1764	AppLaunch.exe	31
PID 1764 wrote to memory of 2392	1764	AppLaunch.exe	31
PID 1764 wrote to memory of 2392	1764	AppLaunch.exe	31
PID 1764 wrote to memory of 2392	1764	AppLaunch.exe	31
PID 1764 wrote to memory of 2392	1764	AppLaunch.exe	31
PID 1764 wrote to memory of 2392	1764	AppLaunch.exe	31
PID 1764 wrote to memory of 2392	1764	AppLaunch.exe	31

C:\Users\Admin\AppData\Local\Temp\e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe
"C:\Users\Admin\AppData\Local\Temp\e4d2e96be91dd0945bbd52f51e5ae0b85ca3df6f83a8c3161fac01a79dfedad7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1764
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 196
    3⤵
    - Program crash
    PID:2392
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 52
  2⤵
  - Program crash
  PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1764-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1764-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1764-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1764-3-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1764-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1764-7-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1764-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1764-5-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1764-9-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1764-11-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads