70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985

Analysis

max time kernel
121s
max time network
130s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 02:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985.exe
Size

1.3MB
MD5

ed3dfc9edf55cca3fda914686bf69102
SHA1

8d6f45821ed79884c9d5098f3fa5fa5e2b75fa19
SHA256

70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985
SHA512

ed39b8ed6646dfec865fbda2d2872e8d22cf8abb0f7e9a62171c91cf2b42b79ef008db40369adc9c5917da695da68581d135852359eb8dcf8ece5f10601daefb
SSDEEP

24576:7iuBtZQ+Ga3S/lnMkjheIsNH4gRTMxTQ/Roy/GuN5TcuGEebHnqRgQd:OuBfNCMkj4IsNHbOl4+y/2uyjwd

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2776 set thread context of 2032	2776	70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985.exe	31

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1148	2032	WerFault.exe	31

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2032	2776	70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985.exe	31
PID 2776 wrote to memory of 2032	2776	70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985.exe	31
PID 2776 wrote to memory of 2032	2776	70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985.exe	31
PID 2776 wrote to memory of 2032	2776	70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985.exe	31
PID 2776 wrote to memory of 2032	2776	70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985.exe	31
PID 2776 wrote to memory of 2032	2776	70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985.exe	31
PID 2776 wrote to memory of 2032	2776	70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985.exe	31
PID 2776 wrote to memory of 2032	2776	70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985.exe	31
PID 2776 wrote to memory of 2032	2776	70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985.exe	31
PID 2776 wrote to memory of 2032	2776	70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985.exe	31
PID 2776 wrote to memory of 2032	2776	70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985.exe	31
PID 2776 wrote to memory of 2032	2776	70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985.exe	31
PID 2776 wrote to memory of 2032	2776	70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985.exe	31
PID 2776 wrote to memory of 2032	2776	70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985.exe	31
PID 2032 wrote to memory of 1148	2032	AppLaunch.exe	32
PID 2032 wrote to memory of 1148	2032	AppLaunch.exe	32
PID 2032 wrote to memory of 1148	2032	AppLaunch.exe	32
PID 2032 wrote to memory of 1148	2032	AppLaunch.exe	32
PID 2032 wrote to memory of 1148	2032	AppLaunch.exe	32
PID 2032 wrote to memory of 1148	2032	AppLaunch.exe	32
PID 2032 wrote to memory of 1148	2032	AppLaunch.exe	32

C:\Users\Admin\AppData\Local\Temp\70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985.exe
"C:\Users\Admin\AppData\Local\Temp\70a1546a27e842e2f61f27f2e879783152af547b3a629b974643d52034635985.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2032
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 200
    3⤵
    - Program crash
    PID:1148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2032-0-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/2032-3-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/2032-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2032-5-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/2032-7-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/2032-4-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/2032-2-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/2032-1-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/2032-9-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/2032-11-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads