35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 03:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe
Size

742KB
MD5

e8f2c4652165760519c6353f74c84c8e
SHA1

de9a0b1e42fb43ed97e73f46adcce6215243852c
SHA256

35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd
SHA512

48b9f2928c2de7b7f9c25380e93d69b686674034fe7f64d02ed0e4beb142fb715303e809cb5ea4964bfe0dc74b1241e8cbdcc73d9e42b2f685d4e2f3a3407ace
SSDEEP

12288:Pn//yfYb5BIQZVt8H1fhpnsuG3/Nl7lNAEEJhzGfy8OXdLygvooc9:/iuBtZKfhpnsNPFizGK8OtyF

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1004 set thread context of 2648	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	31

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2508	2648	WerFault.exe	31

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 1004 wrote to memory of 2656	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	30
PID 1004 wrote to memory of 2656	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	30
PID 1004 wrote to memory of 2656	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	30
PID 1004 wrote to memory of 2656	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	30
PID 1004 wrote to memory of 2656	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	30
PID 1004 wrote to memory of 2656	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	30
PID 1004 wrote to memory of 2656	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	30
PID 1004 wrote to memory of 2648	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	31
PID 1004 wrote to memory of 2648	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	31
PID 1004 wrote to memory of 2648	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	31
PID 1004 wrote to memory of 2648	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	31
PID 1004 wrote to memory of 2648	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	31
PID 1004 wrote to memory of 2648	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	31
PID 1004 wrote to memory of 2648	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	31
PID 1004 wrote to memory of 2648	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	31
PID 1004 wrote to memory of 2648	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	31
PID 1004 wrote to memory of 2648	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	31
PID 1004 wrote to memory of 2648	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	31
PID 1004 wrote to memory of 2648	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	31
PID 1004 wrote to memory of 2648	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	31
PID 1004 wrote to memory of 2648	1004	35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe	31
PID 2648 wrote to memory of 2508	2648	AppLaunch.exe	32
PID 2648 wrote to memory of 2508	2648	AppLaunch.exe	32
PID 2648 wrote to memory of 2508	2648	AppLaunch.exe	32
PID 2648 wrote to memory of 2508	2648	AppLaunch.exe	32
PID 2648 wrote to memory of 2508	2648	AppLaunch.exe	32
PID 2648 wrote to memory of 2508	2648	AppLaunch.exe	32
PID 2648 wrote to memory of 2508	2648	AppLaunch.exe	32

C:\Users\Admin\AppData\Local\Temp\35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe
"C:\Users\Admin\AppData\Local\Temp\35db8c9d9387fff19e234c0c4520acefcfb7906c3311e92d1643031014936acd.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1004
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2656
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 200
    3⤵
    - Program crash
    PID:2508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2648-0-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2648-1-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2648-2-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2648-3-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2648-4-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2648-5-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2648-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2648-7-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2648-9-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2648-11-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads