Overview

overview

10

Static

static

3

e253e4c530...2c.exe

windows7-x64

5

e253e4c530...2c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13-10-2023 05:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e253e4c530f08b374cc4b9c558d1af05a15b0b3a4ce4ce8780c54f8ca6d8892c.exe

  • Size

    1.4MB

  • MD5

    7231c794f761b16bbeae945d3cfca6a0

  • SHA1

    404dbc5358a0164d615bd1e75cb6c42daa704f67

  • SHA256

    e253e4c530f08b374cc4b9c558d1af05a15b0b3a4ce4ce8780c54f8ca6d8892c

  • SHA512

    c851a3230b71e20d860152b6f3b8873920a5aaf41f25e55038c5bf379d297197377e9f6b03ec226766a905d5e91b620560567e8e3dd440943d41fe468ae7e717

  • SSDEEP

    24576:6i5lutKB+GLSI3M/i6xv3JnGAMxkpKjAA02lvlozIrdbol/RTdDf0x2gNMSeXST8:x5lutKB+GuI8KqxnZmkpxA0WlozibM/Z

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e253e4c530f08b374cc4b9c558d1af05a15b0b3a4ce4ce8780c54f8ca6d8892c.exe
    "C:\Users\Admin\AppData\Local\Temp\e253e4c530f08b374cc4b9c558d1af05a15b0b3a4ce4ce8780c54f8ca6d8892c.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1256
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:2588
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2728
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 200
          3⤵
          • Program crash
          PID:2596
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        2⤵
          PID:1152
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
          2⤵
            PID:2464

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2728-3-0x0000000000400000-0x0000000000532000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2728-5-0x0000000000400000-0x0000000000532000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2728-2-0x0000000000400000-0x0000000000532000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2728-8-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2728-9-0x0000000000400000-0x0000000000532000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2728-7-0x0000000000400000-0x0000000000532000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2728-1-0x0000000000400000-0x0000000000532000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2728-11-0x0000000000400000-0x0000000000532000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2728-0-0x0000000000400000-0x0000000000532000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2728-13-0x0000000000400000-0x0000000000532000-memory.dmp

          Filesize

          1.2MB

          Download