a55ec2f0c3ebef886fb024d3147ee7fff8c162955ef8e53c161a04e9fd9d653f

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2023, 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9aeed55e2703a03cf9e922dc695db1ab.exe
Size

930KB
MD5

9aeed55e2703a03cf9e922dc695db1ab
SHA1

d00b4d865bc1b3e9b17970e95c45b8efb9e25a16
SHA256

a55ec2f0c3ebef886fb024d3147ee7fff8c162955ef8e53c161a04e9fd9d653f
SHA512

3a5d0b4a92d54786826c5c4f1d861c483aeaa8dabbbbb5dd2763301322bc7d3f42d02f9c25940295011973be53a26afb72a87722396a4d31b1062bd2b5c60f7b
SSDEEP

24576:1F8Q5W9t5E9XB1TXiHgM1APoJwCMbtmrebPKT4GYfpBhtD/:detAvTX2g8SonryPKTjY3

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1732 set thread context of 4968	1732	9aeed55e2703a03cf9e922dc695db1ab.exe	86

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2172	4968	WerFault.exe	86

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4968	9aeed55e2703a03cf9e922dc695db1ab.exe
4968	9aeed55e2703a03cf9e922dc695db1ab.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 4968	1732	9aeed55e2703a03cf9e922dc695db1ab.exe	86
PID 1732 wrote to memory of 4968	1732	9aeed55e2703a03cf9e922dc695db1ab.exe	86
PID 1732 wrote to memory of 4968	1732	9aeed55e2703a03cf9e922dc695db1ab.exe	86
PID 1732 wrote to memory of 4968	1732	9aeed55e2703a03cf9e922dc695db1ab.exe	86
PID 1732 wrote to memory of 4968	1732	9aeed55e2703a03cf9e922dc695db1ab.exe	86
PID 1732 wrote to memory of 4968	1732	9aeed55e2703a03cf9e922dc695db1ab.exe	86

C:\Users\Admin\AppData\Local\Temp\9aeed55e2703a03cf9e922dc695db1ab.exe
"C:\Users\Admin\AppData\Local\Temp\9aeed55e2703a03cf9e922dc695db1ab.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Users\Admin\AppData\Local\Temp\9aeed55e2703a03cf9e922dc695db1ab.exe
  "C:\Users\Admin\AppData\Local\Temp\9aeed55e2703a03cf9e922dc695db1ab.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 184
    3⤵
    - Program crash
    PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4968 -ip 4968
1⤵
PID:1984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1732-8-0x0000000005BB0000-0x0000000005BB8000-memory.dmp

Filesize
32KB

Download
memory/1732-9-0x0000000006750000-0x000000000675A000-memory.dmp

Filesize
40KB

Download
memory/1732-2-0x0000000005380000-0x0000000005924000-memory.dmp

Filesize
5.6MB

Download
memory/1732-3-0x0000000004DD0000-0x0000000004E62000-memory.dmp

Filesize
584KB

Download
memory/1732-4-0x0000000004F60000-0x00000000052B4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-5-0x0000000004F50000-0x0000000004F60000-memory.dmp

Filesize
64KB

Download
memory/1732-6-0x0000000005300000-0x000000000530A000-memory.dmp

Filesize
40KB

Download
memory/1732-7-0x0000000005B90000-0x0000000005BAA000-memory.dmp

Filesize
104KB

Download
memory/1732-1-0x0000000000300000-0x00000000003EE000-memory.dmp

Filesize
952KB

Download
memory/1732-10-0x000000000C040000-0x000000000C0D4000-memory.dmp

Filesize
592KB

Download
memory/1732-0-0x00000000749F0000-0x00000000751A0000-memory.dmp

Filesize
7.7MB

Download
memory/1732-11-0x000000000F720000-0x000000000F7BC000-memory.dmp

Filesize
624KB

Download
memory/1732-15-0x00000000749F0000-0x00000000751A0000-memory.dmp

Filesize
7.7MB

Download
memory/4968-14-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4968-12-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4968-16-0x0000000001500000-0x000000000184A000-memory.dmp

Filesize
3.3MB

Download
memory/4968-17-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download