f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 17:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff.exe
Size

998KB
MD5

a2198296ee47fa70bef79c5e817b280f
SHA1

29020e75125391aeb7a9c110295b2cea7d80be4f
SHA256

f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff
SHA512

6a69eb2daaa646c0359c55650df1ad10db7a71e3694c64390be6a9a9c9b08b48c3bbdaac4f20b08ec37165e5c0a22984ec1a20ded65047d5915395eda1ad5a2b
SSDEEP

24576:z39J6738LsupDth9mSkWUiU/TbPKIxM3cw:z39oAsCDtuSYpbPKIxqcw

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1360 set thread context of 1304	1360	f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2588	1304	WerFault.exe	28

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 1304	1360	f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff.exe	28
PID 1360 wrote to memory of 1304	1360	f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff.exe	28
PID 1360 wrote to memory of 1304	1360	f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff.exe	28
PID 1360 wrote to memory of 1304	1360	f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff.exe	28
PID 1360 wrote to memory of 1304	1360	f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff.exe	28
PID 1360 wrote to memory of 1304	1360	f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff.exe	28
PID 1360 wrote to memory of 1304	1360	f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff.exe	28
PID 1360 wrote to memory of 1304	1360	f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff.exe	28
PID 1360 wrote to memory of 1304	1360	f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff.exe	28
PID 1360 wrote to memory of 1304	1360	f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff.exe	28
PID 1360 wrote to memory of 1304	1360	f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff.exe	28
PID 1360 wrote to memory of 1304	1360	f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff.exe	28
PID 1360 wrote to memory of 1304	1360	f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff.exe	28
PID 1360 wrote to memory of 1304	1360	f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff.exe	28
PID 1304 wrote to memory of 2588	1304	AppLaunch.exe	29
PID 1304 wrote to memory of 2588	1304	AppLaunch.exe	29
PID 1304 wrote to memory of 2588	1304	AppLaunch.exe	29
PID 1304 wrote to memory of 2588	1304	AppLaunch.exe	29
PID 1304 wrote to memory of 2588	1304	AppLaunch.exe	29
PID 1304 wrote to memory of 2588	1304	AppLaunch.exe	29
PID 1304 wrote to memory of 2588	1304	AppLaunch.exe	29

C:\Users\Admin\AppData\Local\Temp\f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff.exe
"C:\Users\Admin\AppData\Local\Temp\f7ea90b5b680d04265b75fe5aeaef3425606b60f164bab35ba9b8560574396ff.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1304
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 200
    3⤵
    - Program crash
    PID:2588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1304-0-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/1304-1-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/1304-3-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/1304-4-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/1304-2-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/1304-5-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/1304-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1304-7-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/1304-9-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/1304-11-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads