fe660622564391cd99cbe9a02f0d55b2cdbadae1fff7b0fb500e02a896bc0d43 | Triage

Analysis

max time kernel
183s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 20:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

036ed76f487d7c85641c4f6910b76f16.exe
Size

28KB
MD5

036ed76f487d7c85641c4f6910b76f16
SHA1

d9801f37e5ace2c90530386081e23956c10db5e3
SHA256

fe660622564391cd99cbe9a02f0d55b2cdbadae1fff7b0fb500e02a896bc0d43
SHA512

0896072311406241a6c6d39a11f46e3ab25a568b1acf0f5adfe046aa6a77b2f95e6601686d708f37645cf9e6ee638df9d60c96956f00d62fc69c07189a095e80
SSDEEP

768:FwoP2jhbanF0SJS+v7EPA3PLq7RHpTyli5a:FwoPjnDJFv7EPA/LErTV4

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3888 set thread context of 632	3888	036ed76f487d7c85641c4f6910b76f16.exe	92

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1876	632	WerFault.exe	92

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3888 wrote to memory of 632	3888	036ed76f487d7c85641c4f6910b76f16.exe	92
PID 3888 wrote to memory of 632	3888	036ed76f487d7c85641c4f6910b76f16.exe	92
PID 3888 wrote to memory of 632	3888	036ed76f487d7c85641c4f6910b76f16.exe	92
PID 3888 wrote to memory of 632	3888	036ed76f487d7c85641c4f6910b76f16.exe	92
PID 3888 wrote to memory of 632	3888	036ed76f487d7c85641c4f6910b76f16.exe	92
PID 3888 wrote to memory of 632	3888	036ed76f487d7c85641c4f6910b76f16.exe	92

C:\Users\Admin\AppData\Local\Temp\036ed76f487d7c85641c4f6910b76f16.exe
"C:\Users\Admin\AppData\Local\Temp\036ed76f487d7c85641c4f6910b76f16.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Users\Admin\AppData\Local\Temp\036ed76f487d7c85641c4f6910b76f16.exe
  C:\Users\Admin\AppData\Local\Temp\036ed76f487d7c85641c4f6910b76f16.exe
  2⤵
  PID:632
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 464
    3⤵
    - Program crash
    PID:1876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 632 -ip 632
1⤵
PID:4492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/632-3-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/632-0-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/632-5-0x0000000000400000-0x0000000000401C00-memory.dmp

Filesize
7KB

Download
memory/3888-1-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download