9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13-10-2023 02:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f.exe
Size

1.4MB
MD5

896652368edea229fd9ea637f4f47669
SHA1

49f62c1d5eecfbb9f1117c29da2dc38ad5a7e207
SHA256

9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f
SHA512

3de5ee4870975de3eb264d3ecdab2ad3d35b89b34e42882700f544e681342e85ed37dac77387b33d0e7282ad106ae62a2f8e2db7139af1ad8b98234657384b1f
SSDEEP

24576:3Ztx7UI/h3gFdEdbQx05wKIaBriTvKucoQ1bofUKI6/1NoRGoKihZ:3ZtxzQFdE0ewKIGiTv5cBMAZhZ

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1700 set thread context of 2020	1700	9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2704	2020	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2020	1700	9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f.exe	29
PID 1700 wrote to memory of 2020	1700	9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f.exe	29
PID 1700 wrote to memory of 2020	1700	9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f.exe	29
PID 1700 wrote to memory of 2020	1700	9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f.exe	29
PID 1700 wrote to memory of 2020	1700	9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f.exe	29
PID 1700 wrote to memory of 2020	1700	9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f.exe	29
PID 1700 wrote to memory of 2020	1700	9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f.exe	29
PID 1700 wrote to memory of 2020	1700	9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f.exe	29
PID 1700 wrote to memory of 2020	1700	9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f.exe	29
PID 1700 wrote to memory of 2020	1700	9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f.exe	29
PID 1700 wrote to memory of 2020	1700	9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f.exe	29
PID 1700 wrote to memory of 2020	1700	9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f.exe	29
PID 1700 wrote to memory of 2020	1700	9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f.exe	29
PID 1700 wrote to memory of 2020	1700	9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f.exe	29
PID 2020 wrote to memory of 2704	2020	AppLaunch.exe	30
PID 2020 wrote to memory of 2704	2020	AppLaunch.exe	30
PID 2020 wrote to memory of 2704	2020	AppLaunch.exe	30
PID 2020 wrote to memory of 2704	2020	AppLaunch.exe	30
PID 2020 wrote to memory of 2704	2020	AppLaunch.exe	30
PID 2020 wrote to memory of 2704	2020	AppLaunch.exe	30
PID 2020 wrote to memory of 2704	2020	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f.exe
"C:\Users\Admin\AppData\Local\Temp\9bc9b9f26fabbdee9deb5715911b415770a8e7a80061f96b8912aeaecbeba14f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2020
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 200
    3⤵
    - Program crash
    PID:2704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2020-1-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2020-3-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2020-4-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2020-5-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2020-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2020-7-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2020-2-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2020-0-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2020-9-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2020-11-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads