fcae6def51f4ee3d5cf646acc1137369afad8d01da484597ac3c4653a8def1b4

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16/10/2023, 14:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe
Size

295KB
MD5

5f42fe0bb9d37edfd620471a130b4d28
SHA1

c7c2601e06d198eea198a3cdd347b0097f821aaa
SHA256

e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e
SHA512

6059c72e7319791ff33c0de31ddd729d0858ece39eefb88a631ab40b929f97cb2db315338d8ec4b0e4df89dbc0e5548915d013e450a699c622bd1b12a152c293
SSDEEP

6144:T7ZEe3bpi5aaYlMB0kqyUQUE18pXVajC3mUeqs8b/+OI8TJn:T7ZEe3sBsysEMXVXW+7I8TJn

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2600 set thread context of 2800	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	29

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2660	2600	WerFault.exe	14
2708	2800	WerFault.exe	29

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 2800	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	29
PID 2600 wrote to memory of 2800	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	29
PID 2600 wrote to memory of 2800	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	29
PID 2600 wrote to memory of 2800	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	29
PID 2600 wrote to memory of 2800	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	29
PID 2600 wrote to memory of 2800	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	29
PID 2600 wrote to memory of 2800	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	29
PID 2600 wrote to memory of 2800	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	29
PID 2600 wrote to memory of 2800	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	29
PID 2600 wrote to memory of 2800	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	29
PID 2600 wrote to memory of 2800	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	29
PID 2600 wrote to memory of 2800	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	29
PID 2600 wrote to memory of 2800	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	29
PID 2600 wrote to memory of 2800	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	29
PID 2600 wrote to memory of 2660	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	30
PID 2600 wrote to memory of 2660	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	30
PID 2600 wrote to memory of 2660	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	30
PID 2600 wrote to memory of 2660	2600	e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe	30
PID 2800 wrote to memory of 2708	2800	AppLaunch.exe	31
PID 2800 wrote to memory of 2708	2800	AppLaunch.exe	31
PID 2800 wrote to memory of 2708	2800	AppLaunch.exe	31
PID 2800 wrote to memory of 2708	2800	AppLaunch.exe	31
PID 2800 wrote to memory of 2708	2800	AppLaunch.exe	31
PID 2800 wrote to memory of 2708	2800	AppLaunch.exe	31
PID 2800 wrote to memory of 2708	2800	AppLaunch.exe	31

C:\Users\Admin\AppData\Local\Temp\e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe
"C:\Users\Admin\AppData\Local\Temp\e09064b0d81a06031fc4f0797ae5d941595945d86c6917d235e96810bd7dcf9e.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2800
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 196
    3⤵
    - Program crash
    PID:2708
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 72
  2⤵
  - Program crash
  PID:2660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2800-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2800-1-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2800-2-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2800-3-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2800-4-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2800-5-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2800-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2800-7-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2800-9-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2800-11-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads