e930edc544fb2f11809c97d0c2654dfdd78ddac38bb3a65cee04721f0ed86da5 | Triage

Analysis

max time kernel
158s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 21:36

Sharing

Report Analysis Logs

General

Target

1d32a2490582ffa4214b5ea41886b543.exe
Size

56KB
MD5

1d32a2490582ffa4214b5ea41886b543
SHA1

dca4ba4f9124bc1735adf1cb6503542d37062a2b
SHA256

e930edc544fb2f11809c97d0c2654dfdd78ddac38bb3a65cee04721f0ed86da5
SHA512

a3233d115fe7efabf6bacf79e4513ff1457308c2dd799fe7883b64eb606208ce769344e476a993921d0428b1cf344de8d7e240591aa9c95e6c62ca6d8a64b44c
SSDEEP

768:WtDNzY5RKJcVnNFDRO+DoJhHCHN1/Hy/e9o0hglD:6NqD4UeHCr/S/guZ

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1908 set thread context of 4864	1908	1d32a2490582ffa4214b5ea41886b543.exe	91

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3376	4864	WerFault.exe	91
3396	4864	WerFault.exe	91

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1908	1d32a2490582ffa4214b5ea41886b543.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 4864	1908	1d32a2490582ffa4214b5ea41886b543.exe	91
PID 1908 wrote to memory of 4864	1908	1d32a2490582ffa4214b5ea41886b543.exe	91
PID 1908 wrote to memory of 4864	1908	1d32a2490582ffa4214b5ea41886b543.exe	91
PID 1908 wrote to memory of 4864	1908	1d32a2490582ffa4214b5ea41886b543.exe	91
PID 1908 wrote to memory of 4864	1908	1d32a2490582ffa4214b5ea41886b543.exe	91
PID 1908 wrote to memory of 4864	1908	1d32a2490582ffa4214b5ea41886b543.exe	91
PID 1908 wrote to memory of 4864	1908	1d32a2490582ffa4214b5ea41886b543.exe	91
PID 1908 wrote to memory of 4864	1908	1d32a2490582ffa4214b5ea41886b543.exe	91
PID 4864 wrote to memory of 3376	4864	1d32a2490582ffa4214b5ea41886b543.exe	94
PID 4864 wrote to memory of 3376	4864	1d32a2490582ffa4214b5ea41886b543.exe	94
PID 4864 wrote to memory of 3376	4864	1d32a2490582ffa4214b5ea41886b543.exe	94

C:\Users\Admin\AppData\Local\Temp\1d32a2490582ffa4214b5ea41886b543.exe
"C:\Users\Admin\AppData\Local\Temp\1d32a2490582ffa4214b5ea41886b543.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Users\Admin\AppData\Local\Temp\1d32a2490582ffa4214b5ea41886b543.exe
  "C:\Users\Admin\AppData\Local\Temp\1d32a2490582ffa4214b5ea41886b543.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4864
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 456
    3⤵
    - Program crash
    PID:3376
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 456
    3⤵
    - Program crash
    PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4864 -ip 4864
1⤵
PID:4144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4864-2-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/4864-4-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download