579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420.exe
Size

1.3MB
MD5

676ff1e6209f586295e5056d87cbdaa7
SHA1

c259fc26f47f04707ba7274699696b213fd57468
SHA256

579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420
SHA512

84b7c32344c4865affa774889100c5ed47d4830be1cb5e75aaab51019ce830500291a4f1fd44886c28b01938e54fa4ed7fe8fa8e341c6dfe9680b443575d1b81
SSDEEP

24576:ciuBtZkT2cd+Rh00bm47Fi3PR/HMLLMmoKGgnmFU2dDXlrHfH3mPuB1kMMQSnwVV:LuBfkRd+z00bF+PR/HFEV0U2dDFKu7k8

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1956 set thread context of 2664	1956	579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2552	2664	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 2664	1956	579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420.exe	29
PID 1956 wrote to memory of 2664	1956	579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420.exe	29
PID 1956 wrote to memory of 2664	1956	579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420.exe	29
PID 1956 wrote to memory of 2664	1956	579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420.exe	29
PID 1956 wrote to memory of 2664	1956	579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420.exe	29
PID 1956 wrote to memory of 2664	1956	579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420.exe	29
PID 1956 wrote to memory of 2664	1956	579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420.exe	29
PID 1956 wrote to memory of 2664	1956	579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420.exe	29
PID 1956 wrote to memory of 2664	1956	579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420.exe	29
PID 1956 wrote to memory of 2664	1956	579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420.exe	29
PID 1956 wrote to memory of 2664	1956	579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420.exe	29
PID 1956 wrote to memory of 2664	1956	579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420.exe	29
PID 1956 wrote to memory of 2664	1956	579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420.exe	29
PID 1956 wrote to memory of 2664	1956	579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420.exe	29
PID 2664 wrote to memory of 2552	2664	AppLaunch.exe	30
PID 2664 wrote to memory of 2552	2664	AppLaunch.exe	30
PID 2664 wrote to memory of 2552	2664	AppLaunch.exe	30
PID 2664 wrote to memory of 2552	2664	AppLaunch.exe	30
PID 2664 wrote to memory of 2552	2664	AppLaunch.exe	30
PID 2664 wrote to memory of 2552	2664	AppLaunch.exe	30
PID 2664 wrote to memory of 2552	2664	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420.exe
"C:\Users\Admin\AppData\Local\Temp\579a76d3b2d3c128a4f8c94556eb3f932f219099a72c9ab3c6bb375514d05420.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 200
    3⤵
    - Program crash
    PID:2552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2664-3-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2664-2-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2664-1-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2664-0-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2664-4-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2664-5-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2664-7-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2664-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2664-9-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2664-11-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads