Analysis

max time kernel:  117s
max time network: 121s
platform:         windows7_x64
resource:         win7-20240221-en
resource tags:    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted:        25-02-2024 04:58

Static task:     static1
Behavioral task: behavioral1
  Sample:   4010a68d26a450fc9ad24a82d72c10483690f67b3d9a592a156c0a6942f1169d.exe
  Resource: win7-20240221-en
  3 signatures, 150 seconds
General

Target: 4010a68d26a450fc9ad24a82d72c10483690f67b3d9a592a156c0a6942f1169d.exe
Size:   315KB
MD5:    b196aee0a5e061fef0df919c7218d8f6
SHA1:   c3e0cb601429a22ee3d636a21344c6d58b56b1c3
SHA256: 4010a68d26a450fc9ad24a82d72c10483690f67b3d9a592a156c0a6942f1169d
SHA512: 2f5b631f2b0604720d3451c4470e9bedaf74a50a60918bd1a154470ed16ac2b07989894646663e75147c1930aa0df22d634358b5334615408607e253cced39f3
SSDEEP: 6144:W2T2nughgHEropoJ2VY2fBTYfUrfsg6HjGqjGmO4CxBKwZlmNEIoU:W2T2ug6HfI2VY2fRY8L8HiyGP+wZ8R
Score:  5/10
Malware Config

Signatures

Suspicious use of SetThreadContext (1 IoC)
  Processes: 4010a68d26a450fc9ad24a82d72c10483690f67b3d9a592a156c0a6942f1169d.exe
  description                 pid   process                                                                   target process
  set thread context of 2992  1540  4010a68d26a450fc9ad24a82d72c10483690f67b3d9a592a156c0a6942f1169d.exe  RegAsm.exe

Program crash (1 IoC)
  Processes: WerFault.exe
  pid   pid_target  process       target process
  2680  2992        WerFault.exe  RegAsm.exe

Suspicious use of WriteProcessMemory (17 IoCs)
  Processes: 4010a68d26a450fc9ad24a82d72c10483690f67b3d9a592a156c0a6942f1169d.exe, RegAsm.exe
  description              pid   process                                                                   target process  events
  wrote to memory of 2992  1540  4010a68d26a450fc9ad24a82d72c10483690f67b3d9a592a156c0a6942f1169d.exe  RegAsm.exe      13
  wrote to memory of 2680  2992  RegAsm.exe                                                                WerFault.exe    4
Processes

C:\Users\Admin\AppData\Local\Temp\4010a68d26a450fc9ad24a82d72c10483690f67b3d9a592a156c0a6942f1169d.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\4010a68d26a450fc9ad24a82d72c10483690f67b3d9a592a156c0a6942f1169d.exe"
  PID: 1540
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory

  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    PID: 2992
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 260
      PID: 2680
      - Program crash