Overview

overview

5

Static

static

3

winprofile

windows7-x64

5

winprofile

windows10-1703-x64

5

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    24/10/2023, 06:07 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1AE46Yf6.exe

  • Size

    320KB

  • MD5

    e941da6fe6a36a6e4c84d19a15d99743

  • SHA1

    d557bd482ed220d9f1f6b06ec3791ad9d41af036

  • SHA256

    6f955c6d0db18df11a8c1797208beb949eb30b5bd0443f7adb9731615b368aa8

  • SHA512

    45a973c191368cc56f6ff79a235ad7103f54df6a5d32ee7d11d4e3346af1cc60996caa1c6e94a4fa21789ad9f7ee57a82dde607455ca8fb48407c60cbd023920

  • SSDEEP

    6144:MdaK3l99cV4E4qtnx6GTDKSa+dSecKnXq6KtvrY0FeETkhxnd:TK199yNTWSeSXq6KJVSxnd

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1AE46Yf6.exe
    "C:\Users\Admin\AppData\Local\Temp\1AE46Yf6.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1608
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1556
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 196
        3⤵
        • Program crash
        PID:2552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1556-0-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1556-1-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1556-2-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1556-3-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1556-4-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1556-5-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1556-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1556-7-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1556-9-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1556-11-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.