39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13-10-2023 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe
Size

1.2MB
MD5

a058af719098f1627e9f5717f4aef1c8
SHA1

6d7cfc8a1177349111db83ad640b51db93406cf6
SHA256

39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4
SHA512

73858bcebf2d1baa9e0d94c7ae72f4a75977899359d32ae1cbfb96d6ae7b1bde9a19333136695f99f476620b7c1636b6cdea5a05890910b2f04bde2a03c36887
SSDEEP

24576:OZtTPo+WCtA4ZBAfKBIcSp4k+iqy7XrZdzCU5ABhZ:OZtrzQmIc7ny7bZB/+BhZ

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2964 set thread context of 2736	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2616	2736	WerFault.exe	29

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 2640	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	28
PID 2964 wrote to memory of 2640	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	28
PID 2964 wrote to memory of 2640	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	28
PID 2964 wrote to memory of 2640	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	28
PID 2964 wrote to memory of 2640	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	28
PID 2964 wrote to memory of 2640	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	28
PID 2964 wrote to memory of 2640	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	28
PID 2964 wrote to memory of 2736	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	29
PID 2964 wrote to memory of 2736	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	29
PID 2964 wrote to memory of 2736	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	29
PID 2964 wrote to memory of 2736	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	29
PID 2964 wrote to memory of 2736	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	29
PID 2964 wrote to memory of 2736	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	29
PID 2964 wrote to memory of 2736	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	29
PID 2964 wrote to memory of 2736	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	29
PID 2964 wrote to memory of 2736	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	29
PID 2964 wrote to memory of 2736	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	29
PID 2964 wrote to memory of 2736	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	29
PID 2964 wrote to memory of 2736	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	29
PID 2964 wrote to memory of 2736	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	29
PID 2964 wrote to memory of 2736	2964	39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe	29
PID 2736 wrote to memory of 2616	2736	AppLaunch.exe	30
PID 2736 wrote to memory of 2616	2736	AppLaunch.exe	30
PID 2736 wrote to memory of 2616	2736	AppLaunch.exe	30
PID 2736 wrote to memory of 2616	2736	AppLaunch.exe	30
PID 2736 wrote to memory of 2616	2736	AppLaunch.exe	30
PID 2736 wrote to memory of 2616	2736	AppLaunch.exe	30
PID 2736 wrote to memory of 2616	2736	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe
"C:\Users\Admin\AppData\Local\Temp\39297c6699e77bebb03768c28c8ede9af26eab48d53310c786fb17820aafd4a4.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2640
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 200
    3⤵
    - Program crash
    PID:2616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2736-0-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/2736-1-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/2736-2-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/2736-3-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/2736-4-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/2736-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2736-5-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/2736-7-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/2736-9-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/2736-11-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads