13dd9df5717e2da46c052d4728b4c71d4a8a99f961654ab2de5dc0c7c10b0575 | Triage

Analysis

max time kernel
138s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 19:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7b1d4b99a4234d17bbafa330ede7d0c7.exe
Size

91KB
MD5

7b1d4b99a4234d17bbafa330ede7d0c7
SHA1

a34831ab4e5beb8ca4c984c032edfc900e7511dd
SHA256

13dd9df5717e2da46c052d4728b4c71d4a8a99f961654ab2de5dc0c7c10b0575
SHA512

a402f1e9e94f77c0296ed1e799288bdae8ad09067bad2889600d27aff490ef28e033ce5c68f559d3d3531b1bde9fdd5ac4a707c4c4025569e7d07361ab1b9304
SSDEEP

1536:JqiKGLgaTwW3EA81B2tqtGks48dIvMwnh7:1KMT7p81B2tqtvV8qnh7

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 984 set thread context of 2220	984	7b1d4b99a4234d17bbafa330ede7d0c7.exe	86

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1648	2220	WerFault.exe	86
496	2220	WerFault.exe	86

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 984 wrote to memory of 2220	984	7b1d4b99a4234d17bbafa330ede7d0c7.exe	86
PID 984 wrote to memory of 2220	984	7b1d4b99a4234d17bbafa330ede7d0c7.exe	86
PID 984 wrote to memory of 2220	984	7b1d4b99a4234d17bbafa330ede7d0c7.exe	86
PID 984 wrote to memory of 2220	984	7b1d4b99a4234d17bbafa330ede7d0c7.exe	86

C:\Users\Admin\AppData\Local\Temp\7b1d4b99a4234d17bbafa330ede7d0c7.exe
"C:\Users\Admin\AppData\Local\Temp\7b1d4b99a4234d17bbafa330ede7d0c7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:984
- C:\Windows\SysWOW64\svchost.exe
  svchost.exe
  2⤵
  PID:2220
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 256
    3⤵
    - Program crash
    PID:1648
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 264
    3⤵
    - Program crash
    PID:496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2220 -ip 2220
1⤵
PID:1376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2220 -ip 2220
1⤵
PID:4472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/984-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/984-1-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2220-2-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download