5e37da365fd3b6ba06283a977b9940d50c51ef66aac7bd20d1f2894cbe45f0fc | Triage

Analysis

max time kernel
140s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 22:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

051b6f3c39d8696f8fcd23130a577d7f.exe
Size

58KB
MD5

051b6f3c39d8696f8fcd23130a577d7f
SHA1

e418d79a18f51b45197a1e0b608e8d9159c0e73d
SHA256

5e37da365fd3b6ba06283a977b9940d50c51ef66aac7bd20d1f2894cbe45f0fc
SHA512

a9141ed4566740176bf4e5abbd98e1f3af10aa0b4f99be5f09f907f736080676838e91f3274e4d6a1cbf3de898a1756f25053ec290e0ed597c30032031db9eb2
SSDEEP

1536:IgEnakJtmRLoPSzJDh2XEpP8eSVzJ80e2Xt9fK3ULZYu:9EXvmpxw0FHZ0TXlWu

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2768 set thread context of 3464	2768	051b6f3c39d8696f8fcd23130a577d7f.exe	87

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4512	3464	WerFault.exe	87

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 3464	2768	051b6f3c39d8696f8fcd23130a577d7f.exe	87
PID 2768 wrote to memory of 3464	2768	051b6f3c39d8696f8fcd23130a577d7f.exe	87
PID 2768 wrote to memory of 3464	2768	051b6f3c39d8696f8fcd23130a577d7f.exe	87
PID 2768 wrote to memory of 3464	2768	051b6f3c39d8696f8fcd23130a577d7f.exe	87
PID 2768 wrote to memory of 3464	2768	051b6f3c39d8696f8fcd23130a577d7f.exe	87

C:\Users\Admin\AppData\Local\Temp\051b6f3c39d8696f8fcd23130a577d7f.exe
"C:\Users\Admin\AppData\Local\Temp\051b6f3c39d8696f8fcd23130a577d7f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Users\Admin\AppData\Local\Temp\051b6f3c39d8696f8fcd23130a577d7f.exe
  "C:\Users\Admin\AppData\Local\Temp\051b6f3c39d8696f8fcd23130a577d7f.exe"
  2⤵
  PID:3464
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 12
    3⤵
    - Program crash
    PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3464 -ip 3464
1⤵
PID:4376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2768-1-0x0000000013140000-0x0000000013156000-memory.dmp

Filesize
88KB

Download
memory/3464-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download