1a27f79e136dcf403bb71babaa451996c96ec8f542d1967935cc614ff799ac81

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 19:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99f5f3fea5235a689f0420d6be2ca72b.exe
Size

443KB
MD5

99f5f3fea5235a689f0420d6be2ca72b
SHA1

016c8cd757d8b2ef6525bd4da5332566d95a0d15
SHA256

1a27f79e136dcf403bb71babaa451996c96ec8f542d1967935cc614ff799ac81
SHA512

a74f3924e6de57e9f5b738636c1de890a42572f60e98c216f231c9208f703959add118e780d778068afa632bb1f20943ebe8c6e1ff85875b321ea437b490790c
SSDEEP

12288:cyp284UGhoWoQEF3Z4mxxU2U1N55vplUqBV:cyDQmXTUFJpzV

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3268 set thread context of 2692	3268	99f5f3fea5235a689f0420d6be2ca72b.exe	84

Program crash 1 IoCs

pid	pid_target	Process	procid_target
464	2692	WerFault.exe	84

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3268 wrote to memory of 2692	3268	99f5f3fea5235a689f0420d6be2ca72b.exe	84
PID 3268 wrote to memory of 2692	3268	99f5f3fea5235a689f0420d6be2ca72b.exe	84
PID 3268 wrote to memory of 2692	3268	99f5f3fea5235a689f0420d6be2ca72b.exe	84
PID 3268 wrote to memory of 2692	3268	99f5f3fea5235a689f0420d6be2ca72b.exe	84
PID 3268 wrote to memory of 2692	3268	99f5f3fea5235a689f0420d6be2ca72b.exe	84

C:\Users\Admin\AppData\Local\Temp\99f5f3fea5235a689f0420d6be2ca72b.exe
"C:\Users\Admin\AppData\Local\Temp\99f5f3fea5235a689f0420d6be2ca72b.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3268
- C:\Users\Admin\AppData\Local\Temp\99f5f3fea5235a689f0420d6be2ca72b.exe
  C:\Users\Admin\AppData\Local\Temp\99f5f3fea5235a689f0420d6be2ca72b.exe
  2⤵
  PID:2692
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 184
    3⤵
    - Program crash
    PID:464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2692 -ip 2692
1⤵
PID:1460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2692-57-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2692-62-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/3268-0-0x0000000010000000-0x0000000010074000-memory.dmp

Filesize
464KB

Download
memory/3268-1-0x0000000000910000-0x0000000000964000-memory.dmp

Filesize
336KB

Download
memory/3268-2-0x00000000022D0000-0x00000000022D1000-memory.dmp

Filesize
4KB

Download
memory/3268-4-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/3268-3-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/3268-5-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download
memory/3268-7-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/3268-6-0x0000000002170000-0x0000000002171000-memory.dmp

Filesize
4KB

Download
memory/3268-8-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/3268-9-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/3268-10-0x0000000002190000-0x0000000002191000-memory.dmp

Filesize
4KB

Download
memory/3268-11-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/3268-12-0x0000000003270000-0x0000000003271000-memory.dmp

Filesize
4KB

Download
memory/3268-14-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-13-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-15-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-16-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-17-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-18-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-19-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-20-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-21-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-22-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-23-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-24-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-26-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-25-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-27-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-28-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-30-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-31-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-29-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-32-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-33-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-34-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-35-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-36-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-37-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-40-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-39-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-38-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-41-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-42-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3268-43-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/3268-45-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/3268-44-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/3268-46-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/3268-47-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/3268-48-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/3268-49-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/3268-51-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/3268-52-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/3268-50-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/3268-53-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/3268-54-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/3268-55-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/3268-56-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/3268-59-0x0000000000480000-0x0000000000481000-memory.dmp

Filesize
4KB

Download
memory/3268-64-0x0000000000910000-0x0000000000964000-memory.dmp

Filesize
336KB

Download
memory/3268-63-0x00000000032B0000-0x00000000032B1000-memory.dmp

Filesize
4KB

Download
memory/3268-65-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/3268-60-0x0000000010000000-0x0000000010074000-memory.dmp

Filesize
464KB

Download
memory/3268-61-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads