Overview

overview

5

Static

static

3

aa11419a01...a2.exe

windows7-x64

5

aa11419a01...a2.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    147s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-02-2024 20:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa11419a0119abc90883b2ade6006da2.exe

  • Size

    31KB

  • MD5

    aa11419a0119abc90883b2ade6006da2

  • SHA1

    e55c27ab0f5901306e8155aa5922f902ed04aa68

  • SHA256

    dd532ee346326da409ea9c91d83b5ea82ede7a332768e49a95cee69bdaa1fd5f

  • SHA512

    2c2a523107f6792afddfa4c9b2cb1f63a9db012359e15c7077d9e5915f35b81a91b3fde21916267d0647822346ede0a64359867c485d1f47d37afe9e77cbc384

  • SSDEEP

    384:Mpaikqz7JBcC2IFwGs2Kz61JtYtwQ9RuxA2zcNIi/BY886CJVxt0CQCJ47yGNsM5:MpaXEJBnps2KkJtmR+i985xqRTrsuT5

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 2 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa11419a0119abc90883b2ade6006da2.exe
    "C:\Users\Admin\AppData\Local\Temp\aa11419a0119abc90883b2ade6006da2.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1028
    • C:\Users\Admin\AppData\Local\Temp\aa11419a0119abc90883b2ade6006da2.exe
      "C:\Users\Admin\AppData\Local\Temp\aa11419a0119abc90883b2ade6006da2.exe"
      2⤵
        PID:3328
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 12
          3⤵
          • Program crash
          PID:4012
      • C:\Users\Admin\AppData\Local\Temp\aa11419a0119abc90883b2ade6006da2.exe
        "C:\Users\Admin\AppData\Local\Temp\aa11419a0119abc90883b2ade6006da2.exe"
        2⤵
          PID:1868
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 12
            3⤵
            • Program crash
            PID:2040
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1868 -ip 1868
        1⤵
          PID:3108
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3328 -ip 3328
          1⤵
            PID:1700

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1028-2-0x0000000013140000-0x0000000013150000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1868-1-0x0000000000400000-0x0000000000406000-memory.dmp

            Filesize

            24KB

            Download

          • memory/1868-3-0x0000000013140000-0x0000000013140000-memory.dmp

            Download

          • memory/3328-0-0x0000000000400000-0x0000000000404000-memory.dmp

            Filesize

            16KB

            Download