70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
24-10-2023 04:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe
Size

1.1MB
MD5

bd111762b32b181e047b54df1144be87
SHA1

9d2ae2b0b69ab434c741df8cd88b48d1a341f22c
SHA256

70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e
SHA512

369c91e2a18f32ed8ece7d6f33df87dfe0cd7afb9657ed9020a2cec3a98f1bebd9f9d8ea523d1e5075f53e44ac73e63c08cad4c2d26eecaaea49f3f9403a77d2
SSDEEP

12288:AkNl2APenecTZihaqG5hMFazqBcGevaZtVV5dalh0gxcurJPx4vK2NlTj07M:A9APendTZihaqXFgGevIXDQIKUlTW

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2908 set thread context of 2988	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2400	2988	WerFault.exe	29

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2924	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	28
PID 2908 wrote to memory of 2924	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	28
PID 2908 wrote to memory of 2924	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	28
PID 2908 wrote to memory of 2924	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	28
PID 2908 wrote to memory of 2924	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	28
PID 2908 wrote to memory of 2924	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	28
PID 2908 wrote to memory of 2924	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	28
PID 2908 wrote to memory of 2988	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	29
PID 2908 wrote to memory of 2988	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	29
PID 2908 wrote to memory of 2988	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	29
PID 2908 wrote to memory of 2988	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	29
PID 2908 wrote to memory of 2988	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	29
PID 2908 wrote to memory of 2988	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	29
PID 2908 wrote to memory of 2988	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	29
PID 2908 wrote to memory of 2988	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	29
PID 2908 wrote to memory of 2988	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	29
PID 2908 wrote to memory of 2988	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	29
PID 2908 wrote to memory of 2988	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	29
PID 2908 wrote to memory of 2988	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	29
PID 2908 wrote to memory of 2988	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	29
PID 2908 wrote to memory of 2988	2908	70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe	29
PID 2988 wrote to memory of 2400	2988	AppLaunch.exe	30
PID 2988 wrote to memory of 2400	2988	AppLaunch.exe	30
PID 2988 wrote to memory of 2400	2988	AppLaunch.exe	30
PID 2988 wrote to memory of 2400	2988	AppLaunch.exe	30
PID 2988 wrote to memory of 2400	2988	AppLaunch.exe	30
PID 2988 wrote to memory of 2400	2988	AppLaunch.exe	30
PID 2988 wrote to memory of 2400	2988	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe
"C:\Users\Admin\AppData\Local\Temp\70b09e48bc91995e48503b5579330bf92bed9904bab59890840f529a9c75ed0e.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2924
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2988
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 196
    3⤵
    - Program crash
    PID:2400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2988-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2988-2-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2988-1-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2988-5-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2988-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2988-4-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2988-3-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2988-7-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2988-9-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2988-11-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads