0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c

Analysis

max time kernel
122s
max time network
132s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c.exe
Size

742KB
MD5

77b1412a26dcb1e794fcc91750f6d616
SHA1

637b78b6db9bb2dc5bbfdc798b9a968a6ed9fb12
SHA256

0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c
SHA512

ca2db54c592efa905fb350d18f9152691802cfac19321a3a07f6ced5c064d94390c0b9d4a01b9b54ae7b11a85e2123f500ddd5deab0bf881bd80a7176dfb524c
SSDEEP

12288:e3//yfYb5BIQZVtMPLHzavXjNxPV5FSHaiFRGG86njlgSmWBICBubNRvmrOs/C9:MiuBtZKzavXjV5gdjdnjlgSLILbNMOse

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2976 set thread context of 1292	2976	0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2676	1292	WerFault.exe	28

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 1292	2976	0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c.exe	28
PID 2976 wrote to memory of 1292	2976	0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c.exe	28
PID 2976 wrote to memory of 1292	2976	0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c.exe	28
PID 2976 wrote to memory of 1292	2976	0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c.exe	28
PID 2976 wrote to memory of 1292	2976	0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c.exe	28
PID 2976 wrote to memory of 1292	2976	0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c.exe	28
PID 2976 wrote to memory of 1292	2976	0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c.exe	28
PID 2976 wrote to memory of 1292	2976	0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c.exe	28
PID 2976 wrote to memory of 1292	2976	0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c.exe	28
PID 2976 wrote to memory of 1292	2976	0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c.exe	28
PID 2976 wrote to memory of 1292	2976	0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c.exe	28
PID 2976 wrote to memory of 1292	2976	0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c.exe	28
PID 2976 wrote to memory of 1292	2976	0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c.exe	28
PID 2976 wrote to memory of 1292	2976	0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c.exe	28
PID 1292 wrote to memory of 2676	1292	AppLaunch.exe	29
PID 1292 wrote to memory of 2676	1292	AppLaunch.exe	29
PID 1292 wrote to memory of 2676	1292	AppLaunch.exe	29
PID 1292 wrote to memory of 2676	1292	AppLaunch.exe	29
PID 1292 wrote to memory of 2676	1292	AppLaunch.exe	29
PID 1292 wrote to memory of 2676	1292	AppLaunch.exe	29
PID 1292 wrote to memory of 2676	1292	AppLaunch.exe	29

C:\Users\Admin\AppData\Local\Temp\0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c.exe
"C:\Users\Admin\AppData\Local\Temp\0f8dad9bd2936d342978ee8646d1a61f1ceb199b29f87593139e16e8b76afc7c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1292
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 200
    3⤵
    - Program crash
    PID:2676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1292-3-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1292-4-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1292-2-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1292-1-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1292-0-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1292-5-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1292-7-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1292-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1292-9-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1292-11-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads