f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75

Analysis

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75.exe
Size

1.3MB
MD5

3c980fce67b5dc379aa4c3169c02a2eb
SHA1

68f70d8fcd519506d6fe1695f1f39d7804ef52ff
SHA256

f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75
SHA512

466a94b952d0100081af2ddf332465224240a85874d763f8253be57c4fcfcf6d0f805b689d7cd5a9d5a1224c5b0362e35838fc1569531bbed4f7ef57eee01b9d
SSDEEP

24576:siuBtZbTvdsmgJBMvsj8uJxvZSPJmGH+8bk+WUXJpQ2tSrqUheqbgr:7uBfvAz8k8uJnUbH3bk+NXJ22tShekgr

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1692 set thread context of 1928	1692	f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75.exe	31

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2924	1928	WerFault.exe	31

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 1928	1692	f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75.exe	31
PID 1692 wrote to memory of 1928	1692	f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75.exe	31
PID 1692 wrote to memory of 1928	1692	f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75.exe	31
PID 1692 wrote to memory of 1928	1692	f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75.exe	31
PID 1692 wrote to memory of 1928	1692	f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75.exe	31
PID 1692 wrote to memory of 1928	1692	f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75.exe	31
PID 1692 wrote to memory of 1928	1692	f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75.exe	31
PID 1692 wrote to memory of 1928	1692	f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75.exe	31
PID 1692 wrote to memory of 1928	1692	f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75.exe	31
PID 1692 wrote to memory of 1928	1692	f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75.exe	31
PID 1692 wrote to memory of 1928	1692	f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75.exe	31
PID 1692 wrote to memory of 1928	1692	f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75.exe	31
PID 1692 wrote to memory of 1928	1692	f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75.exe	31
PID 1692 wrote to memory of 1928	1692	f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75.exe	31
PID 1928 wrote to memory of 2924	1928	AppLaunch.exe	32
PID 1928 wrote to memory of 2924	1928	AppLaunch.exe	32
PID 1928 wrote to memory of 2924	1928	AppLaunch.exe	32
PID 1928 wrote to memory of 2924	1928	AppLaunch.exe	32
PID 1928 wrote to memory of 2924	1928	AppLaunch.exe	32
PID 1928 wrote to memory of 2924	1928	AppLaunch.exe	32
PID 1928 wrote to memory of 2924	1928	AppLaunch.exe	32

C:\Users\Admin\AppData\Local\Temp\f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75.exe
"C:\Users\Admin\AppData\Local\Temp\f053afdbbe9e2955df89085e0a95576cb32fc6cca1ba02e7872af942bd84ec75.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1928
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 200
    3⤵
    - Program crash
    PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1928-0-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/1928-1-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/1928-2-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/1928-3-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/1928-4-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/1928-5-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/1928-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1928-7-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/1928-9-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/1928-11-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads