6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7

Analysis

max time kernel
120s
max time network
136s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7.exe
Size

3.9MB
MD5

db01a66e28a2de9a85bead7a37dd7db9
SHA1

973e7e641e06fe40fbb6ddc880736823ae68c263
SHA256

6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7
SHA512

45f479ea8b6bff9c364923170c4d4974f14365ca8b51c6a02389909b9058fb2416175f113d3e8f1dbe4bda5dcdef766ca9ce1ca52711c9cb6089ab8d0d42d79a
SSDEEP

49152:NL+lQohyVN0426a3v32JQw0fyeVtzj2sBQglTN2iZNfrxujA+y3tW8XXP:NL+lL4xY2u9ygNj29glTTrwjA+cw8

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3048 set thread context of 2636	3048	6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7.exe	30

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2780	2636	WerFault.exe	30

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2636	3048	6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7.exe	30
PID 3048 wrote to memory of 2636	3048	6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7.exe	30
PID 3048 wrote to memory of 2636	3048	6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7.exe	30
PID 3048 wrote to memory of 2636	3048	6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7.exe	30
PID 3048 wrote to memory of 2636	3048	6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7.exe	30
PID 3048 wrote to memory of 2636	3048	6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7.exe	30
PID 3048 wrote to memory of 2636	3048	6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7.exe	30
PID 3048 wrote to memory of 2636	3048	6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7.exe	30
PID 3048 wrote to memory of 2636	3048	6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7.exe	30
PID 3048 wrote to memory of 2636	3048	6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7.exe	30
PID 3048 wrote to memory of 2636	3048	6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7.exe	30
PID 3048 wrote to memory of 2636	3048	6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7.exe	30
PID 3048 wrote to memory of 2636	3048	6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7.exe	30
PID 3048 wrote to memory of 2636	3048	6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7.exe	30
PID 2636 wrote to memory of 2780	2636	AppLaunch.exe	31
PID 2636 wrote to memory of 2780	2636	AppLaunch.exe	31
PID 2636 wrote to memory of 2780	2636	AppLaunch.exe	31
PID 2636 wrote to memory of 2780	2636	AppLaunch.exe	31
PID 2636 wrote to memory of 2780	2636	AppLaunch.exe	31
PID 2636 wrote to memory of 2780	2636	AppLaunch.exe	31
PID 2636 wrote to memory of 2780	2636	AppLaunch.exe	31

C:\Users\Admin\AppData\Local\Temp\6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7.exe
"C:\Users\Admin\AppData\Local\Temp\6e7729ad79e3111e334d2c54e83613536a58452605b223ffdf88ac275f5d74e7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2636
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 200
    3⤵
    - Program crash
    PID:2780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2636-1-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/2636-3-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/2636-2-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/2636-0-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/2636-4-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/2636-5-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/2636-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2636-7-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/2636-9-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/2636-11-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads