b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee

Analysis

max time kernel
122s
max time network
136s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee.exe
Size

930KB
MD5

188b21bc63faad7b1b3c33af8fe7ba06
SHA1

6dbfff80152b0af2473b754c773cc1ccfe63ea49
SHA256

b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee
SHA512

490fd7b24912c4267ed4944e2b35eb060713e97a5b5f2ee3e2b4173f5dd06c3e542167213a5dccea16e32a426c1539fd1e260550e63699adc1ac873767d1a831
SSDEEP

24576:riuBtZGSCFbMmswAMRhEoQlgtSLv1tgkQU4:euBfGSS1sDMRhaGSLv13QU4

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1456 set thread context of 2632	1456	b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2832	2632	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 2632	1456	b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee.exe	29
PID 1456 wrote to memory of 2632	1456	b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee.exe	29
PID 1456 wrote to memory of 2632	1456	b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee.exe	29
PID 1456 wrote to memory of 2632	1456	b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee.exe	29
PID 1456 wrote to memory of 2632	1456	b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee.exe	29
PID 1456 wrote to memory of 2632	1456	b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee.exe	29
PID 1456 wrote to memory of 2632	1456	b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee.exe	29
PID 1456 wrote to memory of 2632	1456	b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee.exe	29
PID 1456 wrote to memory of 2632	1456	b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee.exe	29
PID 1456 wrote to memory of 2632	1456	b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee.exe	29
PID 1456 wrote to memory of 2632	1456	b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee.exe	29
PID 1456 wrote to memory of 2632	1456	b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee.exe	29
PID 1456 wrote to memory of 2632	1456	b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee.exe	29
PID 1456 wrote to memory of 2632	1456	b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee.exe	29
PID 2632 wrote to memory of 2832	2632	AppLaunch.exe	30
PID 2632 wrote to memory of 2832	2632	AppLaunch.exe	30
PID 2632 wrote to memory of 2832	2632	AppLaunch.exe	30
PID 2632 wrote to memory of 2832	2632	AppLaunch.exe	30
PID 2632 wrote to memory of 2832	2632	AppLaunch.exe	30
PID 2632 wrote to memory of 2832	2632	AppLaunch.exe	30
PID 2632 wrote to memory of 2832	2632	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee.exe
"C:\Users\Admin\AppData\Local\Temp\b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 200
    3⤵
    - Program crash
    PID:2832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2632-0-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2632-1-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2632-3-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2632-5-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2632-7-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2632-8-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2632-4-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2632-2-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2632-10-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2632-12-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads