0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9

Analysis

max time kernel
122s
max time network
153s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 04:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9.exe
Size

1.2MB
MD5

870a986bde08a35ba78fc02686a0e147
SHA1

ea25f929b1771fd9befe90096f5f53193a24904d
SHA256

0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9
SHA512

5de72f58b8e4dcca9efc5942caccd1082cc83962612fc1684f6e6e7ab24e0296cfedd0b4056968fac561d1c60be9e7909d89cb3c45a4beff644080a1b5f3da3e
SSDEEP

24576:49q+V4zY5k0GF8JNX4T7rXRKdz9F1MNm20q0K9Y/ZwbwUkG:Eq+V4dIJ6ThKZlMNmrf5ZwcdG

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1776 set thread context of 2728	1776	0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9.exe	31

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2632	2728	WerFault.exe	31

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1776 wrote to memory of 2728	1776	0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9.exe	31
PID 1776 wrote to memory of 2728	1776	0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9.exe	31
PID 1776 wrote to memory of 2728	1776	0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9.exe	31
PID 1776 wrote to memory of 2728	1776	0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9.exe	31
PID 1776 wrote to memory of 2728	1776	0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9.exe	31
PID 1776 wrote to memory of 2728	1776	0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9.exe	31
PID 1776 wrote to memory of 2728	1776	0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9.exe	31
PID 1776 wrote to memory of 2728	1776	0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9.exe	31
PID 1776 wrote to memory of 2728	1776	0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9.exe	31
PID 1776 wrote to memory of 2728	1776	0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9.exe	31
PID 1776 wrote to memory of 2728	1776	0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9.exe	31
PID 1776 wrote to memory of 2728	1776	0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9.exe	31
PID 1776 wrote to memory of 2728	1776	0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9.exe	31
PID 1776 wrote to memory of 2728	1776	0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9.exe	31
PID 2728 wrote to memory of 2632	2728	AppLaunch.exe	32
PID 2728 wrote to memory of 2632	2728	AppLaunch.exe	32
PID 2728 wrote to memory of 2632	2728	AppLaunch.exe	32
PID 2728 wrote to memory of 2632	2728	AppLaunch.exe	32
PID 2728 wrote to memory of 2632	2728	AppLaunch.exe	32
PID 2728 wrote to memory of 2632	2728	AppLaunch.exe	32
PID 2728 wrote to memory of 2632	2728	AppLaunch.exe	32

C:\Users\Admin\AppData\Local\Temp\0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9.exe
"C:\Users\Admin\AppData\Local\Temp\0c78a466c229ba641b210b42b62b377b721c7c3a6bdc24f4333bcf0293028ec9.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1776
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2728
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 200
    3⤵
    - Program crash
    PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2728-0-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2728-1-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2728-3-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2728-2-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2728-5-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2728-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2728-4-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2728-7-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2728-9-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2728-11-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads