226e87bdb9220f52230483099d41414c397daa29e9d5c0a4381fd08e254dc7a8

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
24/10/2023, 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe
Size

1.1MB
MD5

75da6747c4dc7404bd1e51cad50a8860
SHA1

7f3d1788068a90696538a7d4a692b1d2db6b1e9f
SHA256

226e87bdb9220f52230483099d41414c397daa29e9d5c0a4381fd08e254dc7a8
SHA512

a3fcc58b1af247ba9e14fe11b1e6f561e429e9b2e0e3dcb90f1f65318fa514d804a1fb1e9fc6a91ec182a087eb87b4e16f69e3e6075f0ce510bfb81215b41f6a
SSDEEP

12288:GJx7tfjOD77CT4Vt711OM4+HtrXufEGCEJ8xVWanynmxuy3NBYGl1IGeq0hFDNJ:2jOD77CT4Vt711Y8refEGMrpnGq

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2896 set thread context of 2372	2896	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2368	2372	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2372	2896	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	29
PID 2896 wrote to memory of 2372	2896	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	29
PID 2896 wrote to memory of 2372	2896	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	29
PID 2896 wrote to memory of 2372	2896	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	29
PID 2896 wrote to memory of 2372	2896	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	29
PID 2896 wrote to memory of 2372	2896	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	29
PID 2896 wrote to memory of 2372	2896	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	29
PID 2896 wrote to memory of 2372	2896	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	29
PID 2896 wrote to memory of 2372	2896	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	29
PID 2896 wrote to memory of 2372	2896	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	29
PID 2896 wrote to memory of 2372	2896	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	29
PID 2896 wrote to memory of 2372	2896	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	29
PID 2896 wrote to memory of 2372	2896	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	29
PID 2896 wrote to memory of 2372	2896	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	29
PID 2372 wrote to memory of 2368	2372	AppLaunch.exe	30
PID 2372 wrote to memory of 2368	2372	AppLaunch.exe	30
PID 2372 wrote to memory of 2368	2372	AppLaunch.exe	30
PID 2372 wrote to memory of 2368	2372	AppLaunch.exe	30
PID 2372 wrote to memory of 2368	2372	AppLaunch.exe	30
PID 2372 wrote to memory of 2368	2372	AppLaunch.exe	30
PID 2372 wrote to memory of 2368	2372	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2372
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 196
    3⤵
    - Program crash
    PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2372-2-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2372-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2372-7-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2372-5-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2372-4-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2372-3-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2372-1-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2372-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2372-9-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2372-11-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads