a3e97dce26c775da231ccba87f9ea9ed39921b7b7cacef12f0ae086913b263e5 | Triage

Analysis

max time kernel
136s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 14:10

Sharing

Report Analysis Logs

General

Target

b92cb06f27febdd6da07181b2f4dc465.exe
Size

487KB
MD5

b92cb06f27febdd6da07181b2f4dc465
SHA1

8ad9e677aa69a079f504c21531f3a684efb3d831
SHA256

a3e97dce26c775da231ccba87f9ea9ed39921b7b7cacef12f0ae086913b263e5
SHA512

7b8bc74ceac8e09ac624f142aac80ec72f913192110b7b725fe76a99fcdda79b49fe30147bed52b7a060cc33b6d6aab5067d064c5351b09cbf7a5a104ec4db42
SSDEEP

12288:sC847Cn7OqKoeMRN3UBDWRf7nHpS37yOlYN+:sCun7OqKoedBiRf7nHYOOlYc

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2712 set thread context of 4404	2712	b92cb06f27febdd6da07181b2f4dc465.exe	92

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3940	4404	WerFault.exe	92

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 4404	2712	b92cb06f27febdd6da07181b2f4dc465.exe	92
PID 2712 wrote to memory of 4404	2712	b92cb06f27febdd6da07181b2f4dc465.exe	92
PID 2712 wrote to memory of 4404	2712	b92cb06f27febdd6da07181b2f4dc465.exe	92
PID 2712 wrote to memory of 4404	2712	b92cb06f27febdd6da07181b2f4dc465.exe	92

C:\Users\Admin\AppData\Local\Temp\b92cb06f27febdd6da07181b2f4dc465.exe
"C:\Users\Admin\AppData\Local\Temp\b92cb06f27febdd6da07181b2f4dc465.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Users\Admin\AppData\Local\Temp\b92cb06f27febdd6da07181b2f4dc465.exe
  "C:\Users\Admin\AppData\Local\Temp\b92cb06f27febdd6da07181b2f4dc465.exe"
  2⤵
  PID:4404
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 80
    3⤵
    - Program crash
    PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4404 -ip 4404
1⤵
PID:4408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads