0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1.exe
Size

1.2MB
MD5

52b8c6aca612750f0732e58b42e9db9e
SHA1

2acc3ab9792418c585a67a793db4dd10761e3d95
SHA256

0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1
SHA512

435c59ce6d85bba3c23820dbc85b5e91059b8f712c8c411889193f5d4a41a56e1685a23bd192fababd0e49f4f075dce5083b26a0e4b0dd917a26c5e6f9265809
SSDEEP

24576:4Zts6DyaTwqfK5ASnIwHnNwVza8gswrbVWNO0Q5055Nv/aSIjfhZ:4ZtsZqf8nIynYOYNO0BlvyNfhZ

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2760 set thread context of 2568	2760	0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2700	2568	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2568	2760	0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1.exe	29
PID 2760 wrote to memory of 2568	2760	0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1.exe	29
PID 2760 wrote to memory of 2568	2760	0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1.exe	29
PID 2760 wrote to memory of 2568	2760	0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1.exe	29
PID 2760 wrote to memory of 2568	2760	0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1.exe	29
PID 2760 wrote to memory of 2568	2760	0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1.exe	29
PID 2760 wrote to memory of 2568	2760	0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1.exe	29
PID 2760 wrote to memory of 2568	2760	0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1.exe	29
PID 2760 wrote to memory of 2568	2760	0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1.exe	29
PID 2760 wrote to memory of 2568	2760	0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1.exe	29
PID 2760 wrote to memory of 2568	2760	0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1.exe	29
PID 2760 wrote to memory of 2568	2760	0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1.exe	29
PID 2760 wrote to memory of 2568	2760	0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1.exe	29
PID 2760 wrote to memory of 2568	2760	0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1.exe	29
PID 2568 wrote to memory of 2700	2568	AppLaunch.exe	32
PID 2568 wrote to memory of 2700	2568	AppLaunch.exe	32
PID 2568 wrote to memory of 2700	2568	AppLaunch.exe	32
PID 2568 wrote to memory of 2700	2568	AppLaunch.exe	32
PID 2568 wrote to memory of 2700	2568	AppLaunch.exe	32
PID 2568 wrote to memory of 2700	2568	AppLaunch.exe	32
PID 2568 wrote to memory of 2700	2568	AppLaunch.exe	32

C:\Users\Admin\AppData\Local\Temp\0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1.exe
"C:\Users\Admin\AppData\Local\Temp\0ccdaa4b3990bcf4745acfd0ef34da97e2a8734aaa88d6b9b6bbf6b7750630e1.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2568
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 200
    3⤵
    - Program crash
    PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2568-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2568-7-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/2568-5-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/2568-4-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/2568-3-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/2568-2-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/2568-1-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/2568-0-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/2568-9-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/2568-11-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads