Analysis
max time kernel: 119s
max time network: 146s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
submitted: 13-10-2023 23:22
Static task: static1
Behavioral task: behavioral1
Sample: c324b4b4607b9b2b44ef58d73be9907a507f3f61811f8c1c65400558606b6377.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: c324b4b4607b9b2b44ef58d73be9907a507f3f61811f8c1c65400558606b6377.exe
Resource: win10v2004-20230915-en
General
Target: c324b4b4607b9b2b44ef58d73be9907a507f3f61811f8c1c65400558606b6377.exe
Size: 2.5MB
MD5: bbdca2094e19141411a5bf3b01a18abc
SHA1: 42de98f7e2720ec6a87dda5142dc0b18db75fe1a
SHA256: c324b4b4607b9b2b44ef58d73be9907a507f3f61811f8c1c65400558606b6377
SHA512: 9660e32e581381aa3cb3247fae095ab3e760119b600c09bf61ec325d657d75ec09e5c57e74395775cc8df79e99819593020a51568c4db3a74442cd0b7968fd15
SSDEEP: 49152:4GMtyQ3eJziMp6a3vw+9aWzUiJ6L1ot5NB:4GMtLMQ5+9aWzLJ6xo/N
Malware Config
Signatures
Suspicious use of SetThreadContext (1 IoCs)
description | pid | Process | procid_target
PID 2012 set thread context of 2768 | 2012 | c324b4b4607b9b2b44ef58d73be9907a507f3f61811f8c1c65400558606b6377.exe | 31

Program crash (1 IoCs)
pid | pid_target | Process | procid_target
2888 | 2768 | WerFault.exe | 31

Suspicious use of WriteProcessMemory (21 IoCs)
description | pid | Process | procid_target
PID 2012 wrote to memory of 2768 | 2012 | c324b4b4607b9b2b44ef58d73be9907a507f3f61811f8c1c65400558606b6377.exe | 31 (14 identical rows)
PID 2768 wrote to memory of 2888 | 2768 | AppLaunch.exe | 32 (7 identical rows)
Processes
C:\Users\Admin\AppData\Local\Temp\c324b4b4607b9b2b44ef58d73be9907a507f3f61811f8c1c65400558606b6377.exe
"C:\Users\Admin\AppData\Local\Temp\c324b4b4607b9b2b44ef58d73be9907a507f3f61811f8c1c65400558606b6377.exe"
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2012
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    - Suspicious use of WriteProcessMemory
    PID:2768
        C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 200
        - Program crash
        PID:2888