94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 21:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d.exe
Size

1.4MB
MD5

686018572d915e8db1b495b39e38df4b
SHA1

b2cc8c5a12c898e50ee6c271e313f2c294044065
SHA256

94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d
SHA512

185630e34c43967830366817604a40eb9afcfa4ff2147db5794e8758fc8743763b82caceddf1624a1e5105f61c6d6b440cd0d63e1589a71f5c3d5561ca11273f
SSDEEP

24576:iygKhyfiyU/ndTKMXSmt825IvbgSLGIHAToK3JnKjk06iK/4RHQ16K3ji:DgK2in/nRiNpvbnxA0K3Ejk0LTi16KG

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1712 set thread context of 1924	1712	94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2588	1924	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 1924	1712	94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d.exe	29
PID 1712 wrote to memory of 1924	1712	94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d.exe	29
PID 1712 wrote to memory of 1924	1712	94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d.exe	29
PID 1712 wrote to memory of 1924	1712	94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d.exe	29
PID 1712 wrote to memory of 1924	1712	94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d.exe	29
PID 1712 wrote to memory of 1924	1712	94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d.exe	29
PID 1712 wrote to memory of 1924	1712	94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d.exe	29
PID 1712 wrote to memory of 1924	1712	94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d.exe	29
PID 1712 wrote to memory of 1924	1712	94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d.exe	29
PID 1712 wrote to memory of 1924	1712	94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d.exe	29
PID 1712 wrote to memory of 1924	1712	94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d.exe	29
PID 1712 wrote to memory of 1924	1712	94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d.exe	29
PID 1712 wrote to memory of 1924	1712	94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d.exe	29
PID 1712 wrote to memory of 1924	1712	94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d.exe	29
PID 1924 wrote to memory of 2588	1924	AppLaunch.exe	30
PID 1924 wrote to memory of 2588	1924	AppLaunch.exe	30
PID 1924 wrote to memory of 2588	1924	AppLaunch.exe	30
PID 1924 wrote to memory of 2588	1924	AppLaunch.exe	30
PID 1924 wrote to memory of 2588	1924	AppLaunch.exe	30
PID 1924 wrote to memory of 2588	1924	AppLaunch.exe	30
PID 1924 wrote to memory of 2588	1924	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d.exe
"C:\Users\Admin\AppData\Local\Temp\94c219dadc9b54ea5da50944d4f8d608f69cea39c3250acd165f7dd2454f343d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1924
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 200
    3⤵
    - Program crash
    PID:2588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1924-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1924-1-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1924-2-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1924-3-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1924-4-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1924-5-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1924-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1924-7-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1924-9-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1924-11-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads