4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe
Size

1.3MB
MD5

38c0044f99107f194b63f9fe29f45f58
SHA1

252b6a6edfc1b97ceb999d563201ece039a11164
SHA256

4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb
SHA512

e0724ee785f86706e6c041d8709d9de34a4536844942f558973cb24f231be2f0118b6ad3a67381b5545a266aabc0d8236237846295609406194f5924b4e32974
SSDEEP

24576:px6d5CI3xqGvBSVbGM76eTSAdKIvY8Ss5VtX6rjs:G5CIBqkkN6eTSAQIQJKV4js

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe

description	pid	process	target process
PID 2228 set thread context of 2216	2228	4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe	AppLaunch.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2380 2216 WerFault.exe AppLaunch.exe

pid	pid_target	process	target process
2380	2216	WerFault.exe	AppLaunch.exe

Suspicious use of WriteProcessMemory 21 IoCs

Processes:

4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exeAppLaunch.exe

description	pid	process	target process
PID 2228 wrote to memory of 2216	2228	4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe	AppLaunch.exe
PID 2228 wrote to memory of 2216	2228	4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe	AppLaunch.exe
PID 2228 wrote to memory of 2216	2228	4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe	AppLaunch.exe
PID 2228 wrote to memory of 2216	2228	4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe	AppLaunch.exe
PID 2228 wrote to memory of 2216	2228	4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe	AppLaunch.exe
PID 2228 wrote to memory of 2216	2228	4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe	AppLaunch.exe
PID 2228 wrote to memory of 2216	2228	4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe	AppLaunch.exe
PID 2228 wrote to memory of 2216	2228	4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe	AppLaunch.exe
PID 2228 wrote to memory of 2216	2228	4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe	AppLaunch.exe
PID 2228 wrote to memory of 2216	2228	4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe	AppLaunch.exe
PID 2228 wrote to memory of 2216	2228	4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe	AppLaunch.exe
PID 2228 wrote to memory of 2216	2228	4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe	AppLaunch.exe
PID 2228 wrote to memory of 2216	2228	4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe	AppLaunch.exe
PID 2228 wrote to memory of 2216	2228	4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe	AppLaunch.exe
PID 2216 wrote to memory of 2380	2216	AppLaunch.exe	WerFault.exe
PID 2216 wrote to memory of 2380	2216	AppLaunch.exe	WerFault.exe
PID 2216 wrote to memory of 2380	2216	AppLaunch.exe	WerFault.exe
PID 2216 wrote to memory of 2380	2216	AppLaunch.exe	WerFault.exe
PID 2216 wrote to memory of 2380	2216	AppLaunch.exe	WerFault.exe
PID 2216 wrote to memory of 2380	2216	AppLaunch.exe	WerFault.exe
PID 2216 wrote to memory of 2380	2216	AppLaunch.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe
"C:\Users\Admin\AppData\Local\Temp\4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2228

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 200
3⤵
- Program crash
PID:2380

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2216-0-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2216-1-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2216-2-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2216-3-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2216-4-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2216-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2216-5-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2216-7-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2216-9-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2216-11-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download