5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699

Analysis

max time kernel
121s
max time network
134s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 08:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe
Size

1.0MB
MD5

9108f8e4343c54ef444c17538c1384c6
SHA1

bbca46824ed6f846fc9bdf0a631129d410cf060a
SHA256

5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699
SHA512

c01e053578b1b02fd5baf0fcf393ce7528d246ad51cdc54a2929ee3a6b88395c9f63acb02a193ef3e448fa21ffb41a1c8f38d8e15efe56de69361e7d10384864
SSDEEP

24576:bVPenEp953bQfo8LnAT87GQJ2km7/BF3lPyEkeB:9p953bwdY8T2kAflPzke

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2888 set thread context of 3044	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	29

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2788	2888	WerFault.exe	20
2624	3044	WerFault.exe	29

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 3044	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	29
PID 2888 wrote to memory of 3044	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	29
PID 2888 wrote to memory of 3044	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	29
PID 2888 wrote to memory of 3044	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	29
PID 2888 wrote to memory of 3044	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	29
PID 2888 wrote to memory of 3044	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	29
PID 2888 wrote to memory of 3044	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	29
PID 2888 wrote to memory of 3044	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	29
PID 2888 wrote to memory of 3044	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	29
PID 2888 wrote to memory of 3044	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	29
PID 2888 wrote to memory of 3044	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	29
PID 2888 wrote to memory of 3044	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	29
PID 2888 wrote to memory of 3044	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	29
PID 2888 wrote to memory of 3044	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	29
PID 2888 wrote to memory of 2788	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	30
PID 2888 wrote to memory of 2788	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	30
PID 2888 wrote to memory of 2788	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	30
PID 2888 wrote to memory of 2788	2888	5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe	30
PID 3044 wrote to memory of 2624	3044	AppLaunch.exe	31
PID 3044 wrote to memory of 2624	3044	AppLaunch.exe	31
PID 3044 wrote to memory of 2624	3044	AppLaunch.exe	31
PID 3044 wrote to memory of 2624	3044	AppLaunch.exe	31
PID 3044 wrote to memory of 2624	3044	AppLaunch.exe	31
PID 3044 wrote to memory of 2624	3044	AppLaunch.exe	31
PID 3044 wrote to memory of 2624	3044	AppLaunch.exe	31

C:\Users\Admin\AppData\Local\Temp\5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe
"C:\Users\Admin\AppData\Local\Temp\5cf86880c3bbe029a1978f5013fa92b6b904ce8630d2cdf48e080a254ed74699.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3044
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 196
    3⤵
    - Program crash
    PID:2624
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 52
  2⤵
  - Program crash
  PID:2788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3044-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3044-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3044-3-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3044-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3044-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3044-5-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3044-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/3044-7-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3044-9-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3044-11-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads