Analysis
- max time kernel: 117s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20230831-en
- resource tags: arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
- submitted: 13-10-2023 02:49
Static task: static1
Behavioral task: behavioral1
- Sample: 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe
- Resource: win10v2004-20230915-en
General
- Target: 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe
- Size: 1.2MB
- MD5: afdcb9fe08736951088d5f1ac3a91882
- SHA1: 31638b05828c06bebc0e4fd654a1777a71f27855
- SHA256: 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7
- SHA512: fb33e564a5f8c4d67631d7331dd3903bfb8b993f1fe63b79f0cbf35fba501424c7ef91423c14dc46c72f13189fbf97212a69489a2da17e2665ca19352fe1d762
- SSDEEP: 24576:EZtRsbYYOb5xGSBs7dsNIriUZ5aV/8c3lK2i6b0sJQp95IFHIuhqnMzXhu62G9eC:EZtRsXOb5x/OWYimc6cTkkjo8XlhZ
Malware Config
Signatures
- Suspicious use of SetThreadContext 1 IoCs
  description | pid | Process | procid_target
  PID 2624 set thread context of 2020 | 2624 | 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe | 29
- Program crash 1 IoCs
  pid | pid_target | Process | procid_target
  2812 | 2020 | WerFault.exe | 29
- Suspicious use of WriteProcessMemory 21 IoCs
  description | pid | Process | procid_target
  PID 2624 wrote to memory of 2020 | 2624 | 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe | 29
  PID 2624 wrote to memory of 2020 | 2624 | 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe | 29
  PID 2624 wrote to memory of 2020 | 2624 | 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe | 29
  PID 2624 wrote to memory of 2020 | 2624 | 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe | 29
  PID 2624 wrote to memory of 2020 | 2624 | 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe | 29
  PID 2624 wrote to memory of 2020 | 2624 | 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe | 29
  PID 2624 wrote to memory of 2020 | 2624 | 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe | 29
  PID 2624 wrote to memory of 2020 | 2624 | 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe | 29
  PID 2624 wrote to memory of 2020 | 2624 | 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe | 29
  PID 2624 wrote to memory of 2020 | 2624 | 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe | 29
  PID 2624 wrote to memory of 2020 | 2624 | 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe | 29
  PID 2624 wrote to memory of 2020 | 2624 | 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe | 29
  PID 2624 wrote to memory of 2020 | 2624 | 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe | 29
  PID 2624 wrote to memory of 2020 | 2624 | 0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe | 29
  PID 2020 wrote to memory of 2812 | 2020 | AppLaunch.exe | 30
  PID 2020 wrote to memory of 2812 | 2020 | AppLaunch.exe | 30
  PID 2020 wrote to memory of 2812 | 2020 | AppLaunch.exe | 30
  PID 2020 wrote to memory of 2812 | 2020 | AppLaunch.exe | 30
  PID 2020 wrote to memory of 2812 | 2020 | AppLaunch.exe | 30
  PID 2020 wrote to memory of 2812 | 2020 | AppLaunch.exe | 30
  PID 2020 wrote to memory of 2812 | 2020 | AppLaunch.exe | 30
Processes
- C:\Users\Admin\AppData\Local\Temp\0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe
  "C:\Users\Admin\AppData\Local\Temp\0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe"
  PID: 2624
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    PID: 2020
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 200
      PID: 2812
      - Program crash