ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20.exe
Size

930KB
MD5

77ea740a1495bb0e281fd4be7d0bc9c2
SHA1

06d9621cbcbac10c5e039dff142e22bad3e28c9f
SHA256

ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20
SHA512

b07086eb765890a80da66b9c35a9f813abf67a37a9d23603b2cc94d415dd404ab21f5f5bbe516969d2dbe230933480fd8001414c8e4cfd6a3e3645d98887f907
SSDEEP

24576:8iuBtZ5SFJ3+3+1GXz+9Actd238Rp9oruM:ruBf5w3j1GXz+NP2sCB

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2444 set thread context of 2036	2444	ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2632	2036	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2036	2444	ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20.exe	29
PID 2444 wrote to memory of 2036	2444	ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20.exe	29
PID 2444 wrote to memory of 2036	2444	ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20.exe	29
PID 2444 wrote to memory of 2036	2444	ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20.exe	29
PID 2444 wrote to memory of 2036	2444	ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20.exe	29
PID 2444 wrote to memory of 2036	2444	ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20.exe	29
PID 2444 wrote to memory of 2036	2444	ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20.exe	29
PID 2444 wrote to memory of 2036	2444	ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20.exe	29
PID 2444 wrote to memory of 2036	2444	ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20.exe	29
PID 2444 wrote to memory of 2036	2444	ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20.exe	29
PID 2444 wrote to memory of 2036	2444	ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20.exe	29
PID 2444 wrote to memory of 2036	2444	ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20.exe	29
PID 2444 wrote to memory of 2036	2444	ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20.exe	29
PID 2444 wrote to memory of 2036	2444	ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20.exe	29
PID 2036 wrote to memory of 2632	2036	AppLaunch.exe	30
PID 2036 wrote to memory of 2632	2036	AppLaunch.exe	30
PID 2036 wrote to memory of 2632	2036	AppLaunch.exe	30
PID 2036 wrote to memory of 2632	2036	AppLaunch.exe	30
PID 2036 wrote to memory of 2632	2036	AppLaunch.exe	30
PID 2036 wrote to memory of 2632	2036	AppLaunch.exe	30
PID 2036 wrote to memory of 2632	2036	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20.exe
"C:\Users\Admin\AppData\Local\Temp\ec298579c4172b95aa7a5b33991d110aaed3a29428743bf9c6c8f6c0117c3d20.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2036
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 200
    3⤵
    - Program crash
    PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2036-0-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2036-2-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2036-4-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2036-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2036-7-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2036-5-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2036-3-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2036-1-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2036-9-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2036-11-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads