def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9

Analysis

max time kernel
118s
max time network
132s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 00:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9.exe
Size

2.5MB
MD5

0e356f9957dcbb263d76ef5c2a9b87c1
SHA1

65145b4c61773a6964a4022640f536d4dfe99a1f
SHA256

def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9
SHA512

981779c8cd0fbd8a047306d18e8e0b0e31b6f08061cdcc37093acf5d787b6fac759c6d1e3bd36e5a868cacaa51239c8a503cd5146af21253bbbfa16bdde4d830
SSDEEP

49152:1BtzA0pHxVmkv6a3vMVuQeZ3kKnvf5x18:1BtzCkCRoQERvf5

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2128 set thread context of 2464	2128	def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1652	2464	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2464	2128	def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9.exe	29
PID 2128 wrote to memory of 2464	2128	def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9.exe	29
PID 2128 wrote to memory of 2464	2128	def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9.exe	29
PID 2128 wrote to memory of 2464	2128	def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9.exe	29
PID 2128 wrote to memory of 2464	2128	def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9.exe	29
PID 2128 wrote to memory of 2464	2128	def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9.exe	29
PID 2128 wrote to memory of 2464	2128	def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9.exe	29
PID 2128 wrote to memory of 2464	2128	def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9.exe	29
PID 2128 wrote to memory of 2464	2128	def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9.exe	29
PID 2128 wrote to memory of 2464	2128	def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9.exe	29
PID 2128 wrote to memory of 2464	2128	def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9.exe	29
PID 2128 wrote to memory of 2464	2128	def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9.exe	29
PID 2128 wrote to memory of 2464	2128	def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9.exe	29
PID 2128 wrote to memory of 2464	2128	def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9.exe	29
PID 2464 wrote to memory of 1652	2464	AppLaunch.exe	30
PID 2464 wrote to memory of 1652	2464	AppLaunch.exe	30
PID 2464 wrote to memory of 1652	2464	AppLaunch.exe	30
PID 2464 wrote to memory of 1652	2464	AppLaunch.exe	30
PID 2464 wrote to memory of 1652	2464	AppLaunch.exe	30
PID 2464 wrote to memory of 1652	2464	AppLaunch.exe	30
PID 2464 wrote to memory of 1652	2464	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9.exe
"C:\Users\Admin\AppData\Local\Temp\def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2464
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 200
    3⤵
    - Program crash
    PID:1652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2464-2-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2464-1-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2464-5-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2464-4-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2464-7-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2464-3-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2464-0-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2464-8-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2464-10-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2464-12-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads