ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 13:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea.exe
Size

393KB
MD5

95d87225713c6998a6abe498db75af93
SHA1

5f6bae5f483cc222bb90e3f9af8bc8ebfd56eae7
SHA256

ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea
SHA512

c72943958d42761ba2c081b7ddcfde17742f6a119a0493d47dbf210a52fe6e4304ddb4bc5628dc2af5084d51bde2ac7c163e8fe0727507a4122a3781d43cceac
SSDEEP

6144:npvjEH2jicP5iOo2T8VrSd/sUAORkl9i2foCJjjVJoe1aLsc08xRZVfMl1Sa:npviqiG59ounkPi2Q4HVJF8vZ9A1Sa

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2212 set thread context of 2744	2212	ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2668	2744	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2744	2212	ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea.exe	29
PID 2212 wrote to memory of 2744	2212	ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea.exe	29
PID 2212 wrote to memory of 2744	2212	ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea.exe	29
PID 2212 wrote to memory of 2744	2212	ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea.exe	29
PID 2212 wrote to memory of 2744	2212	ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea.exe	29
PID 2212 wrote to memory of 2744	2212	ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea.exe	29
PID 2212 wrote to memory of 2744	2212	ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea.exe	29
PID 2212 wrote to memory of 2744	2212	ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea.exe	29
PID 2212 wrote to memory of 2744	2212	ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea.exe	29
PID 2212 wrote to memory of 2744	2212	ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea.exe	29
PID 2212 wrote to memory of 2744	2212	ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea.exe	29
PID 2212 wrote to memory of 2744	2212	ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea.exe	29
PID 2212 wrote to memory of 2744	2212	ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea.exe	29
PID 2212 wrote to memory of 2744	2212	ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea.exe	29
PID 2744 wrote to memory of 2668	2744	AppLaunch.exe	30
PID 2744 wrote to memory of 2668	2744	AppLaunch.exe	30
PID 2744 wrote to memory of 2668	2744	AppLaunch.exe	30
PID 2744 wrote to memory of 2668	2744	AppLaunch.exe	30
PID 2744 wrote to memory of 2668	2744	AppLaunch.exe	30
PID 2744 wrote to memory of 2668	2744	AppLaunch.exe	30
PID 2744 wrote to memory of 2668	2744	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea.exe
"C:\Users\Admin\AppData\Local\Temp\ba15f738e5e9a7502e1451746cda61b5c62b8cf59737ee28315ae6733d5543ea.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 196
    3⤵
    - Program crash
    PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2744-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2744-7-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2744-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2744-5-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2744-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2744-3-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2744-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2744-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2744-9-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2744-11-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads