313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 02:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a.exe
Size

741KB
MD5

316e5c5cca4bd16dafa94b0eb37b39f1
SHA1

cd52448abeaa9438637b89da7375b1e2d12423fd
SHA256

313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a
SHA512

d4151d4297e00443df8b3b2a79bc8ad15944c9db34582dd9e3e89d838fb7610d0ee622006a09d97d625826baa4737f1b3cafee4800c295dd9748be1802829d71
SSDEEP

12288:B1//yfYb5BIQZVtfR2za07B4Tkvc9paLDy9PWvGTXoVcbLZWYPenF8Y3840Sy8gP:LiuBtZQe07FMsDy9PWvGTXoSbNNGiY7

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2364 set thread context of 1304	2364	313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2700	1304	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 1304	2364	313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a.exe	29
PID 2364 wrote to memory of 1304	2364	313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a.exe	29
PID 2364 wrote to memory of 1304	2364	313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a.exe	29
PID 2364 wrote to memory of 1304	2364	313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a.exe	29
PID 2364 wrote to memory of 1304	2364	313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a.exe	29
PID 2364 wrote to memory of 1304	2364	313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a.exe	29
PID 2364 wrote to memory of 1304	2364	313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a.exe	29
PID 2364 wrote to memory of 1304	2364	313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a.exe	29
PID 2364 wrote to memory of 1304	2364	313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a.exe	29
PID 2364 wrote to memory of 1304	2364	313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a.exe	29
PID 2364 wrote to memory of 1304	2364	313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a.exe	29
PID 2364 wrote to memory of 1304	2364	313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a.exe	29
PID 2364 wrote to memory of 1304	2364	313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a.exe	29
PID 2364 wrote to memory of 1304	2364	313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a.exe	29
PID 1304 wrote to memory of 2700	1304	AppLaunch.exe	30
PID 1304 wrote to memory of 2700	1304	AppLaunch.exe	30
PID 1304 wrote to memory of 2700	1304	AppLaunch.exe	30
PID 1304 wrote to memory of 2700	1304	AppLaunch.exe	30
PID 1304 wrote to memory of 2700	1304	AppLaunch.exe	30
PID 1304 wrote to memory of 2700	1304	AppLaunch.exe	30
PID 1304 wrote to memory of 2700	1304	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a.exe
"C:\Users\Admin\AppData\Local\Temp\313a6dd364fc2f1fbb8b0a8def175e8533b88ccdeb31cadc7ecfc373af993f0a.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1304
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 200
    3⤵
    - Program crash
    PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1304-3-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1304-2-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1304-1-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1304-0-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1304-4-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1304-5-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1304-7-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1304-8-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1304-10-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1304-12-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads