351fadc9f1ddd2bd6bd34ceed2353b8211123e057b52c6aeb60a28643d92f137

Analysis

max time kernel
188s
max time network
294s
platform
windows10-1703_x64
resource
win10-20231220-en
resource tags

arch:x64arch:x86image:win10-20231220-enlocale:en-usos:windows10-1703-x64system
submitted
01/01/2024, 04:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

351fadc9f1ddd2bd6bd34ceed2353b8211123e057b52c6aeb60a28643d92f137.exe
Size

5.2MB
MD5

04f93f610df4d1c941ec7f64679e3039
SHA1

11a8b38934a55d203fa78f13e9b7d24754baf9dc
SHA256

351fadc9f1ddd2bd6bd34ceed2353b8211123e057b52c6aeb60a28643d92f137
SHA512

278aa98a5b62e5939150cef08201a7344a95c3428f9e90e45c26dface8198ed6a1dd52ff830ed7e4ddd3fbc162d9e683ec11fd04af62a505ee6feefccc814b4b
SSDEEP

49152:8jxUCLBTkbWcYz5rTyMHUORJeiHkcO09cl2xeAEynEOsFDqnNg9QFiDxAdlv+nZq:6UCpkUHUyeiHK2r8FDkNgyFo51C2ARt

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4040	351fadc9f1ddd2bd6bd34ceed2353b8211123e057b52c6aeb60a28643d92f137.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4040 set thread context of 1368	4040	351fadc9f1ddd2bd6bd34ceed2353b8211123e057b52c6aeb60a28643d92f137.exe	74

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1044	1368	WerFault.exe	74

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 1368	4040	351fadc9f1ddd2bd6bd34ceed2353b8211123e057b52c6aeb60a28643d92f137.exe	74
PID 4040 wrote to memory of 1368	4040	351fadc9f1ddd2bd6bd34ceed2353b8211123e057b52c6aeb60a28643d92f137.exe	74
PID 4040 wrote to memory of 1368	4040	351fadc9f1ddd2bd6bd34ceed2353b8211123e057b52c6aeb60a28643d92f137.exe	74
PID 4040 wrote to memory of 1368	4040	351fadc9f1ddd2bd6bd34ceed2353b8211123e057b52c6aeb60a28643d92f137.exe	74
PID 4040 wrote to memory of 1368	4040	351fadc9f1ddd2bd6bd34ceed2353b8211123e057b52c6aeb60a28643d92f137.exe	74
PID 4040 wrote to memory of 1368	4040	351fadc9f1ddd2bd6bd34ceed2353b8211123e057b52c6aeb60a28643d92f137.exe	74
PID 4040 wrote to memory of 1368	4040	351fadc9f1ddd2bd6bd34ceed2353b8211123e057b52c6aeb60a28643d92f137.exe	74
PID 4040 wrote to memory of 1368	4040	351fadc9f1ddd2bd6bd34ceed2353b8211123e057b52c6aeb60a28643d92f137.exe	74
PID 4040 wrote to memory of 1368	4040	351fadc9f1ddd2bd6bd34ceed2353b8211123e057b52c6aeb60a28643d92f137.exe	74

C:\Users\Admin\AppData\Local\Temp\351fadc9f1ddd2bd6bd34ceed2353b8211123e057b52c6aeb60a28643d92f137.exe
"C:\Users\Admin\AppData\Local\Temp\351fadc9f1ddd2bd6bd34ceed2353b8211123e057b52c6aeb60a28643d92f137.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  2⤵
  PID:1368
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 644
    3⤵
    - Program crash
    PID:1044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1368-24-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1368-28-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1368-21-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1368-26-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4040-6-0x00000000055F0000-0x00000000055FA000-memory.dmp

Filesize
40KB

Download
memory/4040-22-0x0000000007C10000-0x0000000007D10000-memory.dmp

Filesize
1024KB

Download
memory/4040-0-0x00000000730E0000-0x00000000737CE000-memory.dmp

Filesize
6.9MB

Download
memory/4040-7-0x0000000006050000-0x0000000006300000-memory.dmp

Filesize
2.7MB

Download
memory/4040-8-0x0000000007300000-0x0000000007492000-memory.dmp

Filesize
1.6MB

Download
memory/4040-17-0x0000000005570000-0x0000000005580000-memory.dmp

Filesize
64KB

Download
memory/4040-5-0x0000000005570000-0x0000000005580000-memory.dmp

Filesize
64KB

Download
memory/4040-27-0x00000000730E0000-0x00000000737CE000-memory.dmp

Filesize
6.9MB

Download
memory/4040-4-0x00000000056F0000-0x000000000578C000-memory.dmp

Filesize
624KB

Download
memory/4040-1-0x0000000000820000-0x0000000000D5E000-memory.dmp

Filesize
5.2MB

Download
memory/4040-3-0x0000000005650000-0x00000000056E2000-memory.dmp

Filesize
584KB

Download
memory/4040-20-0x0000000007C10000-0x0000000007D10000-memory.dmp

Filesize
1024KB

Download
memory/4040-19-0x0000000005570000-0x0000000005580000-memory.dmp

Filesize
64KB

Download
memory/4040-18-0x0000000007C10000-0x0000000007D10000-memory.dmp

Filesize
1024KB

Download
memory/4040-16-0x0000000005570000-0x0000000005580000-memory.dmp

Filesize
64KB

Download
memory/4040-15-0x0000000005570000-0x0000000005580000-memory.dmp

Filesize
64KB

Download
memory/4040-14-0x0000000007950000-0x0000000007960000-memory.dmp

Filesize
64KB

Download
memory/4040-2-0x0000000005B50000-0x000000000604E000-memory.dmp

Filesize
5.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads