84aefaf7175f7bc0d50b18e087ceeb1cb181e2b4f1ce304c7d403183f6df1014 | Triage

Analysis

max time kernel
139s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 09:26

Sharing

Report Analysis Logs

General

Target

147556ebb9f2cacfd006de57f931b4b6.exe
Size

31KB
MD5

147556ebb9f2cacfd006de57f931b4b6
SHA1

88b50f9afb4d3668a39a5e2f7e3838c6d633cce4
SHA256

84aefaf7175f7bc0d50b18e087ceeb1cb181e2b4f1ce304c7d403183f6df1014
SHA512

dd4b71dd0b6c64cf341b2625b8b35cb117320b75e47774ae286513aae89c06336333e3aab406809729ddc5fd571c6a51958837bc57747f3736216ee6725b7949
SSDEEP

384:/ml+EIVfltpfALpM1b7Go/gkZlWGlVgoIa0V:qIrfwcPGo/g8lWGUfT

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4004 set thread context of 952	4004	147556ebb9f2cacfd006de57f931b4b6.exe	93

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4292	952	WerFault.exe	93

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4004	147556ebb9f2cacfd006de57f931b4b6.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 4004 wrote to memory of 952	4004	147556ebb9f2cacfd006de57f931b4b6.exe	93
PID 4004 wrote to memory of 952	4004	147556ebb9f2cacfd006de57f931b4b6.exe	93
PID 4004 wrote to memory of 952	4004	147556ebb9f2cacfd006de57f931b4b6.exe	93
PID 4004 wrote to memory of 952	4004	147556ebb9f2cacfd006de57f931b4b6.exe	93
PID 4004 wrote to memory of 952	4004	147556ebb9f2cacfd006de57f931b4b6.exe	93
PID 4004 wrote to memory of 952	4004	147556ebb9f2cacfd006de57f931b4b6.exe	93
PID 4004 wrote to memory of 952	4004	147556ebb9f2cacfd006de57f931b4b6.exe	93

C:\Users\Admin\AppData\Local\Temp\147556ebb9f2cacfd006de57f931b4b6.exe
"C:\Users\Admin\AppData\Local\Temp\147556ebb9f2cacfd006de57f931b4b6.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4004
- C:\Users\Admin\AppData\Local\Temp\147556ebb9f2cacfd006de57f931b4b6.exe
  "C:\Users\Admin\AppData\Local\Temp\147556ebb9f2cacfd006de57f931b4b6.exe"
  2⤵
  PID:952
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 460
    3⤵
    - Program crash
    PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 952 -ip 952
1⤵
PID:1896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/952-4-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/952-6-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/952-8-0x0000000000400000-0x0000000000401E00-memory.dmp

Filesize
7KB

Download
memory/4004-0-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4004-7-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download