bd2c32d9fef7d64198f61efa1adfc6deb0c354299c36476985249e3e0c70f9c9 | Triage

Analysis

max time kernel
166s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 01:20

Sharing

Report Analysis Logs

General

Target

200fe283f064c6dd2f5272559cba0b5b.exe
Size

15KB
MD5

200fe283f064c6dd2f5272559cba0b5b
SHA1

9bd7d4f241c8ee36e0fb75e16318a747aad80b54
SHA256

bd2c32d9fef7d64198f61efa1adfc6deb0c354299c36476985249e3e0c70f9c9
SHA512

3706e69cfb704045faf49982664512d6c9657d7af604aaef5b4ecdcac48056babb77f6a798618a9f109a630a8ad976bfa828b9d8d97fbf97c80e213b57f75fbe
SSDEEP

384:Y9wCRxhpdXziqMa6Z3AS7AvfOn29zmBlA3yU1WCJL:YykPBy3AS7AvWuAU1WiL

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4504 set thread context of 948	4504	200fe283f064c6dd2f5272559cba0b5b.exe	90

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4584	948	WerFault.exe	90

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4504 wrote to memory of 948	4504	200fe283f064c6dd2f5272559cba0b5b.exe	90
PID 4504 wrote to memory of 948	4504	200fe283f064c6dd2f5272559cba0b5b.exe	90
PID 4504 wrote to memory of 948	4504	200fe283f064c6dd2f5272559cba0b5b.exe	90
PID 4504 wrote to memory of 948	4504	200fe283f064c6dd2f5272559cba0b5b.exe	90
PID 4504 wrote to memory of 948	4504	200fe283f064c6dd2f5272559cba0b5b.exe	90
PID 4504 wrote to memory of 948	4504	200fe283f064c6dd2f5272559cba0b5b.exe	90

C:\Users\Admin\AppData\Local\Temp\200fe283f064c6dd2f5272559cba0b5b.exe
"C:\Users\Admin\AppData\Local\Temp\200fe283f064c6dd2f5272559cba0b5b.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4504
- C:\Users\Admin\AppData\Local\Temp\200fe283f064c6dd2f5272559cba0b5b.exe
  C:\Users\Admin\AppData\Local\Temp\200fe283f064c6dd2f5272559cba0b5b.exe
  2⤵
  PID:948
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 460
    3⤵
    - Program crash
    PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 948 -ip 948
1⤵
PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/948-0-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/948-2-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/948-3-0x0000000000400000-0x0000000000402400-memory.dmp

Filesize
9KB

Download