84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315.exe
Size

742KB
MD5

4980a593c8233dadc5a17ff3f5cf317a
SHA1

1cc4e5651541d3e36c71d81c053c0cc4b6f27496
SHA256

84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315
SHA512

bd1b650f7b539fed7053d26361666f8c3957d3e6b6ee444b6d137d29ed3f396d6bd4faf4f8fe27a9b15573457900c6ff4aca6da3e8adf566d1bf675e0f7dc72a
SSDEEP

12288:N2//yfYb5BIQZVtUQ4xt1Jf/MCd/9UsSuPmY/4s+JdP3UxGTiy9:UiuBtZh+tT/MCd/9DfmY/4sAcG

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1496 set thread context of 2236	1496	84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2444	2236	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 2236	1496	84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315.exe	29
PID 1496 wrote to memory of 2236	1496	84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315.exe	29
PID 1496 wrote to memory of 2236	1496	84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315.exe	29
PID 1496 wrote to memory of 2236	1496	84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315.exe	29
PID 1496 wrote to memory of 2236	1496	84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315.exe	29
PID 1496 wrote to memory of 2236	1496	84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315.exe	29
PID 1496 wrote to memory of 2236	1496	84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315.exe	29
PID 1496 wrote to memory of 2236	1496	84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315.exe	29
PID 1496 wrote to memory of 2236	1496	84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315.exe	29
PID 1496 wrote to memory of 2236	1496	84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315.exe	29
PID 1496 wrote to memory of 2236	1496	84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315.exe	29
PID 1496 wrote to memory of 2236	1496	84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315.exe	29
PID 1496 wrote to memory of 2236	1496	84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315.exe	29
PID 1496 wrote to memory of 2236	1496	84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315.exe	29
PID 2236 wrote to memory of 2444	2236	AppLaunch.exe	30
PID 2236 wrote to memory of 2444	2236	AppLaunch.exe	30
PID 2236 wrote to memory of 2444	2236	AppLaunch.exe	30
PID 2236 wrote to memory of 2444	2236	AppLaunch.exe	30
PID 2236 wrote to memory of 2444	2236	AppLaunch.exe	30
PID 2236 wrote to memory of 2444	2236	AppLaunch.exe	30
PID 2236 wrote to memory of 2444	2236	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315.exe
"C:\Users\Admin\AppData\Local\Temp\84aeb8c2970f4ab21bf6e163ef23d493a1e09afede8461b54cc7221982f00315.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2236
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 200
    3⤵
    - Program crash
    PID:2444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2236-7-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2236-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2236-5-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2236-4-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2236-3-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2236-2-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2236-1-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2236-0-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2236-9-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2236-11-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads