64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76

Analysis

max time kernel
121s
max time network
139s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 19:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76.exe
Size

1.4MB
MD5

d177aa72f010360d299b1f855727ab0d
SHA1

60792231c1383d8d915d148fa736c57dd56d66b9
SHA256

64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76
SHA512

76094ed76227c9f9ffece4571cbaad90b14cb799ed00a83754151261e2c8135e89c65efd41d3112aba7ef1dd1332f403294169a2c1efea1951bb7de9a00f9b89
SSDEEP

24576:x09QRSFJChNA2nlO7my2I24GJ/Y1HEDGdDpa1dDDSRMGC/1lwrsOjc0SpIaalAmj:x09QRSFnv2rpY1HeGu1lLBnyviQA2OkP

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1096 set thread context of 1720	1096	64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1984	1720	WerFault.exe	28

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 1720	1096	64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76.exe	28
PID 1096 wrote to memory of 1720	1096	64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76.exe	28
PID 1096 wrote to memory of 1720	1096	64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76.exe	28
PID 1096 wrote to memory of 1720	1096	64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76.exe	28
PID 1096 wrote to memory of 1720	1096	64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76.exe	28
PID 1096 wrote to memory of 1720	1096	64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76.exe	28
PID 1096 wrote to memory of 1720	1096	64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76.exe	28
PID 1096 wrote to memory of 1720	1096	64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76.exe	28
PID 1096 wrote to memory of 1720	1096	64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76.exe	28
PID 1096 wrote to memory of 1720	1096	64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76.exe	28
PID 1096 wrote to memory of 1720	1096	64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76.exe	28
PID 1096 wrote to memory of 1720	1096	64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76.exe	28
PID 1096 wrote to memory of 1720	1096	64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76.exe	28
PID 1096 wrote to memory of 1720	1096	64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76.exe	28
PID 1720 wrote to memory of 1984	1720	AppLaunch.exe	29
PID 1720 wrote to memory of 1984	1720	AppLaunch.exe	29
PID 1720 wrote to memory of 1984	1720	AppLaunch.exe	29
PID 1720 wrote to memory of 1984	1720	AppLaunch.exe	29
PID 1720 wrote to memory of 1984	1720	AppLaunch.exe	29
PID 1720 wrote to memory of 1984	1720	AppLaunch.exe	29
PID 1720 wrote to memory of 1984	1720	AppLaunch.exe	29

C:\Users\Admin\AppData\Local\Temp\64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76.exe
"C:\Users\Admin\AppData\Local\Temp\64e6358c281b0cc66b257f99d511388f36597a06d5cbd782e6b5978509885d76.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1720
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 200
    3⤵
    - Program crash
    PID:1984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1720-0-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/1720-1-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/1720-2-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/1720-3-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/1720-4-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/1720-5-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/1720-7-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/1720-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1720-9-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/1720-11-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads