b8bbc14b448c298dfcd60bff896c5df2f0b66af2a16b9cea885a49f84893341b

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16/10/2023, 07:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc8ccad038c4e93cfe60624963f058e7.exe
Size

295KB
MD5

cc8ccad038c4e93cfe60624963f058e7
SHA1

6219f54e6f64a95dace0ecbd9a244b8cbb51c49c
SHA256

b8bbc14b448c298dfcd60bff896c5df2f0b66af2a16b9cea885a49f84893341b
SHA512

105b5043bcb2b58107dc2a997d7ada408685ca06735319779b52ce0601504f7306d5922439ed7ac112b44067dd50634ab18b074a5b1b292d803d3a5fbf11f7f0
SSDEEP

6144:3ZEe3bpi5aaYUb5ev2Hga16l1IPsDnYz3SmTNBcoiXc10npF6I8TJn:3ZEe3+Gi16WanYtYwy6I8TJn

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2132 set thread context of 2756	2132	cc8ccad038c4e93cfe60624963f058e7.exe	29

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2580	2132	WerFault.exe	27
2328	2756	WerFault.exe	29

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2756	2132	cc8ccad038c4e93cfe60624963f058e7.exe	29
PID 2132 wrote to memory of 2756	2132	cc8ccad038c4e93cfe60624963f058e7.exe	29
PID 2132 wrote to memory of 2756	2132	cc8ccad038c4e93cfe60624963f058e7.exe	29
PID 2132 wrote to memory of 2756	2132	cc8ccad038c4e93cfe60624963f058e7.exe	29
PID 2132 wrote to memory of 2756	2132	cc8ccad038c4e93cfe60624963f058e7.exe	29
PID 2132 wrote to memory of 2756	2132	cc8ccad038c4e93cfe60624963f058e7.exe	29
PID 2132 wrote to memory of 2756	2132	cc8ccad038c4e93cfe60624963f058e7.exe	29
PID 2132 wrote to memory of 2756	2132	cc8ccad038c4e93cfe60624963f058e7.exe	29
PID 2132 wrote to memory of 2756	2132	cc8ccad038c4e93cfe60624963f058e7.exe	29
PID 2132 wrote to memory of 2756	2132	cc8ccad038c4e93cfe60624963f058e7.exe	29
PID 2132 wrote to memory of 2756	2132	cc8ccad038c4e93cfe60624963f058e7.exe	29
PID 2132 wrote to memory of 2756	2132	cc8ccad038c4e93cfe60624963f058e7.exe	29
PID 2132 wrote to memory of 2756	2132	cc8ccad038c4e93cfe60624963f058e7.exe	29
PID 2132 wrote to memory of 2756	2132	cc8ccad038c4e93cfe60624963f058e7.exe	29
PID 2132 wrote to memory of 2580	2132	cc8ccad038c4e93cfe60624963f058e7.exe	30
PID 2132 wrote to memory of 2580	2132	cc8ccad038c4e93cfe60624963f058e7.exe	30
PID 2132 wrote to memory of 2580	2132	cc8ccad038c4e93cfe60624963f058e7.exe	30
PID 2132 wrote to memory of 2580	2132	cc8ccad038c4e93cfe60624963f058e7.exe	30
PID 2756 wrote to memory of 2328	2756	AppLaunch.exe	31
PID 2756 wrote to memory of 2328	2756	AppLaunch.exe	31
PID 2756 wrote to memory of 2328	2756	AppLaunch.exe	31
PID 2756 wrote to memory of 2328	2756	AppLaunch.exe	31
PID 2756 wrote to memory of 2328	2756	AppLaunch.exe	31
PID 2756 wrote to memory of 2328	2756	AppLaunch.exe	31
PID 2756 wrote to memory of 2328	2756	AppLaunch.exe	31

C:\Users\Admin\AppData\Local\Temp\cc8ccad038c4e93cfe60624963f058e7.exe
"C:\Users\Admin\AppData\Local\Temp\cc8ccad038c4e93cfe60624963f058e7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 196
    3⤵
    - Program crash
    PID:2328
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 72
  2⤵
  - Program crash
  PID:2580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2756-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2756-1-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2756-2-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2756-3-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2756-5-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2756-4-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2756-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2756-7-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2756-9-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2756-11-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads