40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0

Analysis

max time kernel
121s
max time network
132s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 03:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe
Size

741KB
MD5

28344341ea474fe839724bea49da07de
SHA1

a34505fc8fafe00a942083bd12308959bc8103a3
SHA256

40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0
SHA512

73fb0a6b77a214147d3a3a5e95a27a0d83a2f81594f3520ea0a7604856603b6d7053ed9f85eaebe5f47bdedadf6fcafb003abb2897f96d216376b8d37a00372f
SSDEEP

12288:YR//yfYb5BIQZVtYVPZtQNdZ4jfylbKtgETFz5buK/UZTSwb19:siuBtZaZtQHchgEh5L/Y3bv

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2228 set thread context of 1932	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	33

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2664	1932	WerFault.exe	33

Suspicious use of WriteProcessMemory 49 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 620	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	29
PID 2228 wrote to memory of 620	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	29
PID 2228 wrote to memory of 620	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	29
PID 2228 wrote to memory of 620	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	29
PID 2228 wrote to memory of 620	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	29
PID 2228 wrote to memory of 620	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	29
PID 2228 wrote to memory of 620	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	29
PID 2228 wrote to memory of 2760	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	30
PID 2228 wrote to memory of 2760	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	30
PID 2228 wrote to memory of 2760	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	30
PID 2228 wrote to memory of 2760	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	30
PID 2228 wrote to memory of 2760	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	30
PID 2228 wrote to memory of 2760	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	30
PID 2228 wrote to memory of 2760	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	30
PID 2228 wrote to memory of 1088	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	31
PID 2228 wrote to memory of 1088	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	31
PID 2228 wrote to memory of 1088	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	31
PID 2228 wrote to memory of 1088	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	31
PID 2228 wrote to memory of 1088	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	31
PID 2228 wrote to memory of 1088	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	31
PID 2228 wrote to memory of 1088	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	31
PID 2228 wrote to memory of 2600	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	32
PID 2228 wrote to memory of 2600	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	32
PID 2228 wrote to memory of 2600	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	32
PID 2228 wrote to memory of 2600	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	32
PID 2228 wrote to memory of 2600	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	32
PID 2228 wrote to memory of 2600	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	32
PID 2228 wrote to memory of 2600	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	32
PID 2228 wrote to memory of 1932	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	33
PID 2228 wrote to memory of 1932	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	33
PID 2228 wrote to memory of 1932	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	33
PID 2228 wrote to memory of 1932	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	33
PID 2228 wrote to memory of 1932	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	33
PID 2228 wrote to memory of 1932	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	33
PID 2228 wrote to memory of 1932	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	33
PID 2228 wrote to memory of 1932	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	33
PID 2228 wrote to memory of 1932	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	33
PID 2228 wrote to memory of 1932	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	33
PID 2228 wrote to memory of 1932	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	33
PID 2228 wrote to memory of 1932	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	33
PID 2228 wrote to memory of 1932	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	33
PID 2228 wrote to memory of 1932	2228	40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe	33
PID 1932 wrote to memory of 2664	1932	AppLaunch.exe	34
PID 1932 wrote to memory of 2664	1932	AppLaunch.exe	34
PID 1932 wrote to memory of 2664	1932	AppLaunch.exe	34
PID 1932 wrote to memory of 2664	1932	AppLaunch.exe	34
PID 1932 wrote to memory of 2664	1932	AppLaunch.exe	34
PID 1932 wrote to memory of 2664	1932	AppLaunch.exe	34
PID 1932 wrote to memory of 2664	1932	AppLaunch.exe	34

C:\Users\Admin\AppData\Local\Temp\40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe
"C:\Users\Admin\AppData\Local\Temp\40aa442f42d41589d006a2e3e3f5a557d6c1a99eb3ea05d49d810f96ddc4c4a0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:620
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2760
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:1088
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2600
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1932
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 200
    3⤵
    - Program crash
    PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1932-0-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1932-1-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1932-2-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1932-4-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1932-3-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1932-7-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1932-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1932-5-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1932-9-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1932-11-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads