291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe
Size

929KB
MD5

d6dc032aaf1b9960207e19a67aa11a8f
SHA1

bd6728c247061dba9bb1a39ee80f635bdb7d6ad1
SHA256

291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec
SHA512

d5ee33f59ae5d164c072285f85c50a7e67ae8dfb5528431806b605e0b84d6cb0c4a2f5a0f2fded9e89c0bc279e80c4f2aeb88fc9edb564ec7a972ad5f9916682
SSDEEP

24576:KiuBtZKnzlIEuWq4j8ou7wH1q+ZDcI7G:BuBfKzKWq4aq1HtG

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2464 set thread context of 2808	2464	291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2624	2808	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 2808	2464	291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe	29
PID 2464 wrote to memory of 2808	2464	291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe	29
PID 2464 wrote to memory of 2808	2464	291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe	29
PID 2464 wrote to memory of 2808	2464	291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe	29
PID 2464 wrote to memory of 2808	2464	291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe	29
PID 2464 wrote to memory of 2808	2464	291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe	29
PID 2464 wrote to memory of 2808	2464	291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe	29
PID 2464 wrote to memory of 2808	2464	291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe	29
PID 2464 wrote to memory of 2808	2464	291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe	29
PID 2464 wrote to memory of 2808	2464	291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe	29
PID 2464 wrote to memory of 2808	2464	291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe	29
PID 2464 wrote to memory of 2808	2464	291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe	29
PID 2464 wrote to memory of 2808	2464	291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe	29
PID 2464 wrote to memory of 2808	2464	291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe	29
PID 2808 wrote to memory of 2624	2808	AppLaunch.exe	30
PID 2808 wrote to memory of 2624	2808	AppLaunch.exe	30
PID 2808 wrote to memory of 2624	2808	AppLaunch.exe	30
PID 2808 wrote to memory of 2624	2808	AppLaunch.exe	30
PID 2808 wrote to memory of 2624	2808	AppLaunch.exe	30
PID 2808 wrote to memory of 2624	2808	AppLaunch.exe	30
PID 2808 wrote to memory of 2624	2808	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe
"C:\Users\Admin\AppData\Local\Temp\291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2808
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 200
    3⤵
    - Program crash
    PID:2624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2808-0-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2808-2-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2808-4-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2808-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2808-7-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2808-5-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2808-3-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2808-1-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2808-9-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2808-11-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads