e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 14:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe
Size

1.3MB
MD5

da1333144d8b061a48cb0401f52f2d3e
SHA1

cedec8d21fdf51a8f95eee01f41fae764f5711f5
SHA256

e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930
SHA512

65d679934febb8fccceedfb5436fa535482f8e1c43adf1b712481deed328a628fac1188ec8ff743996e3e9099f0bde8b7dfa1721e4cdc55b042c6337ed9d07fd
SSDEEP

24576:3Ld650qMgM/k/Q1ZaKjeeNfmdPvnQD9hUUpeN2RK9kvI7AfCSrHqMdxQs:s50q/M/k/oZaKjeeA9vQD7Dq2RJ2AfCY

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2588 set thread context of 2324	2588	e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2596	2324	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2588 wrote to memory of 2324	2588	e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe	29
PID 2588 wrote to memory of 2324	2588	e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe	29
PID 2588 wrote to memory of 2324	2588	e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe	29
PID 2588 wrote to memory of 2324	2588	e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe	29
PID 2588 wrote to memory of 2324	2588	e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe	29
PID 2588 wrote to memory of 2324	2588	e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe	29
PID 2588 wrote to memory of 2324	2588	e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe	29
PID 2588 wrote to memory of 2324	2588	e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe	29
PID 2588 wrote to memory of 2324	2588	e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe	29
PID 2588 wrote to memory of 2324	2588	e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe	29
PID 2588 wrote to memory of 2324	2588	e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe	29
PID 2588 wrote to memory of 2324	2588	e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe	29
PID 2588 wrote to memory of 2324	2588	e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe	29
PID 2588 wrote to memory of 2324	2588	e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe	29
PID 2324 wrote to memory of 2596	2324	AppLaunch.exe	30
PID 2324 wrote to memory of 2596	2324	AppLaunch.exe	30
PID 2324 wrote to memory of 2596	2324	AppLaunch.exe	30
PID 2324 wrote to memory of 2596	2324	AppLaunch.exe	30
PID 2324 wrote to memory of 2596	2324	AppLaunch.exe	30
PID 2324 wrote to memory of 2596	2324	AppLaunch.exe	30
PID 2324 wrote to memory of 2596	2324	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe
"C:\Users\Admin\AppData\Local\Temp\e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2588
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 200
    3⤵
    - Program crash
    PID:2596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2324-1-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2324-3-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2324-5-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2324-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2324-4-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2324-2-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2324-7-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2324-0-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2324-9-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2324-11-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads