Overview

overview

5

Static

static

3

0c2a65e8a2...94.exe

windows7-x64

5

0c2a65e8a2...94.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 18:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0c2a65e8a2167c8319126a242fb70f94.exe

  • Size

    44KB

  • MD5

    0c2a65e8a2167c8319126a242fb70f94

  • SHA1

    3265d9af97bbb97c0d08ece9b0a0e219e7ee7e57

  • SHA256

    786a2c4adf9886f4d431c0e9c9bc7fbe5126a4647af4b048bb6ef994a0b0819e

  • SHA512

    9e4224c502deaf8ad51667d8d81375b0e633dfe24124f7901bb83782721b9df57be3332f70b7c40cc1432f597ef1df86ad56753bd57d14b439ba2e52063b32fc

  • SSDEEP

    768:icgswP6YtDw8wqg3xwDjNDgX19S2I+zIXX+dNZUxgMxjteN:ix6YtcFxxUZa1k2TKKMxj

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c2a65e8a2167c8319126a242fb70f94.exe
    "C:\Users\Admin\AppData\Local\Temp\0c2a65e8a2167c8319126a242fb70f94.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1188
    • C:\Users\Admin\AppData\Local\Temp\0c2a65e8a2167c8319126a242fb70f94.exe
      "C:\Users\Admin\AppData\Local\Temp\0c2a65e8a2167c8319126a242fb70f94.exe"
      2⤵
        PID:3416
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 80
          3⤵
          • Program crash
          PID:216
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3416 -ip 3416
      1⤵
        PID:4064

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads