7bf41ebb73ed5af55b2111416874d3fda96adb5766be6037bf1b6c4f5fe2d139 | Triage

Analysis

max time kernel
147s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 08:57

Sharing

Report Analysis Logs

General

Target

61b96d119c1e3d77d850365d6bb618e8.exe
Size

162KB
MD5

61b96d119c1e3d77d850365d6bb618e8
SHA1

c588fa312cbe7b9056dde8756b4ddeb294e3fe8c
SHA256

7bf41ebb73ed5af55b2111416874d3fda96adb5766be6037bf1b6c4f5fe2d139
SHA512

e62e39e40154dd61b2fd3dac4d3ab082524996645ba46ef3d03f6f862dbcaa8129d13d31ec5e92f57b882b89b77020db6de355ff878bff03e3b88d7ac9a7ba97
SSDEEP

3072:qikWW2w2XjEksw02yZJl4EXF5c95/qbP13/GmNOx:zM+4kw5F3yFqbP1umNOx

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3560 set thread context of 2364	3560	61b96d119c1e3d77d850365d6bb618e8.exe	92

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1188	2364	WerFault.exe	92

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3560	61b96d119c1e3d77d850365d6bb618e8.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3560 wrote to memory of 2364	3560	61b96d119c1e3d77d850365d6bb618e8.exe	92
PID 3560 wrote to memory of 2364	3560	61b96d119c1e3d77d850365d6bb618e8.exe	92
PID 3560 wrote to memory of 2364	3560	61b96d119c1e3d77d850365d6bb618e8.exe	92
PID 3560 wrote to memory of 2364	3560	61b96d119c1e3d77d850365d6bb618e8.exe	92
PID 3560 wrote to memory of 2364	3560	61b96d119c1e3d77d850365d6bb618e8.exe	92
PID 3560 wrote to memory of 2364	3560	61b96d119c1e3d77d850365d6bb618e8.exe	92
PID 3560 wrote to memory of 2364	3560	61b96d119c1e3d77d850365d6bb618e8.exe	92
PID 3560 wrote to memory of 2364	3560	61b96d119c1e3d77d850365d6bb618e8.exe	92

C:\Users\Admin\AppData\Local\Temp\61b96d119c1e3d77d850365d6bb618e8.exe
"C:\Users\Admin\AppData\Local\Temp\61b96d119c1e3d77d850365d6bb618e8.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3560
- C:\Users\Admin\AppData\Local\Temp\61b96d119c1e3d77d850365d6bb618e8.exe
  C:\Users\Admin\AppData\Local\Temp\61b96d119c1e3d77d850365d6bb618e8.exe
  2⤵
  PID:2364
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 460
    3⤵
    - Program crash
    PID:1188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2364 -ip 2364
1⤵
PID:2416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2364-2-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2364-4-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2364-5-0x0000000000400000-0x00000000004127A4-memory.dmp

Filesize
73KB

Download