0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106

Analysis

max time kernel
117s
max time network
137s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 03:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106.exe
Size

930KB
MD5

8e45781a495c31858ee36eaa7756da0f
SHA1

7db5ec48ac923aea0781241dd8c8c6deedf8291a
SHA256

0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106
SHA512

68230ef47598fc6186a5083c72064f5c2a1fcf6c5005d5bd8142223f5c23fa9d5539a297da8f06ec3ab571a66e89415013266ed063dd3bb8dfad345dce9d658d
SSDEEP

24576:oiuBtZRIXaM6NUeI1p/VXksfsF1wR3XFo:fuBfRIKhUeIL/RkOsF1wR3C

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2364 set thread context of 1156	2364	0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2720	1156	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 1156	2364	0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106.exe	29
PID 2364 wrote to memory of 1156	2364	0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106.exe	29
PID 2364 wrote to memory of 1156	2364	0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106.exe	29
PID 2364 wrote to memory of 1156	2364	0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106.exe	29
PID 2364 wrote to memory of 1156	2364	0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106.exe	29
PID 2364 wrote to memory of 1156	2364	0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106.exe	29
PID 2364 wrote to memory of 1156	2364	0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106.exe	29
PID 2364 wrote to memory of 1156	2364	0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106.exe	29
PID 2364 wrote to memory of 1156	2364	0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106.exe	29
PID 2364 wrote to memory of 1156	2364	0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106.exe	29
PID 2364 wrote to memory of 1156	2364	0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106.exe	29
PID 2364 wrote to memory of 1156	2364	0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106.exe	29
PID 2364 wrote to memory of 1156	2364	0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106.exe	29
PID 2364 wrote to memory of 1156	2364	0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106.exe	29
PID 1156 wrote to memory of 2720	1156	AppLaunch.exe	30
PID 1156 wrote to memory of 2720	1156	AppLaunch.exe	30
PID 1156 wrote to memory of 2720	1156	AppLaunch.exe	30
PID 1156 wrote to memory of 2720	1156	AppLaunch.exe	30
PID 1156 wrote to memory of 2720	1156	AppLaunch.exe	30
PID 1156 wrote to memory of 2720	1156	AppLaunch.exe	30
PID 1156 wrote to memory of 2720	1156	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106.exe
"C:\Users\Admin\AppData\Local\Temp\0a973a7562ae29b1d139982a51f23b68670764fd92a29cb131ef0aa10f19d106.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1156
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 200
    3⤵
    - Program crash
    PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1156-0-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/1156-2-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/1156-3-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/1156-5-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/1156-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1156-7-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/1156-4-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/1156-1-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/1156-9-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/1156-11-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads