cdb0621892adf55602c0b39e81047764f16cf6e76aabd0438a02525c84a72c9d

General

Target

23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe
Size

379KB
MD5

90f41880d631e243cec086557cb74d63
SHA1

cb385e4172cc227ba72baf29ca1c4411fa99a26d
SHA256

23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0
SHA512

eeb85b34aa66a7e9a1b1807012999ee439433df23126a52ffa8d4b3cb2026be3bcf63ca25f143de58ba929c0d4feeaf2a603fd6ec6b5379fc48147c22f3783e3
SSDEEP

6144:bJpEcFOcL0W0UXTAwutvdygbqD7jHSm6xBkNLt9kAWHtXMErCU8Oe:bJpdFOg0UUXNdxqLf6Xy8H/rCU8Oe

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe

description	pid	process	target process
PID 1908 set thread context of 2636	1908	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe	RegAsm.exe

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid	pid_target	process	target process
2872	1908	WerFault.exe	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe
2616	2636	WerFault.exe	RegAsm.exe

Suspicious use of WriteProcessMemory 21 IoCs

Processes:

23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exeRegAsm.exe

description	pid	process	target process
PID 1908 wrote to memory of 2636	1908	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe	RegAsm.exe
PID 1908 wrote to memory of 2636	1908	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe	RegAsm.exe
PID 1908 wrote to memory of 2636	1908	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe	RegAsm.exe
PID 1908 wrote to memory of 2636	1908	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe	RegAsm.exe
PID 1908 wrote to memory of 2636	1908	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe	RegAsm.exe
PID 1908 wrote to memory of 2636	1908	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe	RegAsm.exe
PID 1908 wrote to memory of 2636	1908	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe	RegAsm.exe
PID 1908 wrote to memory of 2636	1908	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe	RegAsm.exe
PID 1908 wrote to memory of 2636	1908	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe	RegAsm.exe
PID 1908 wrote to memory of 2636	1908	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe	RegAsm.exe
PID 1908 wrote to memory of 2636	1908	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe	RegAsm.exe
PID 1908 wrote to memory of 2872	1908	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe	WerFault.exe
PID 1908 wrote to memory of 2872	1908	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe	WerFault.exe
PID 1908 wrote to memory of 2872	1908	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe	WerFault.exe
PID 1908 wrote to memory of 2872	1908	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe	WerFault.exe
PID 1908 wrote to memory of 2636	1908	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe	RegAsm.exe
PID 1908 wrote to memory of 2636	1908	23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe	RegAsm.exe
PID 2636 wrote to memory of 2616	2636	RegAsm.exe	WerFault.exe
PID 2636 wrote to memory of 2616	2636	RegAsm.exe	WerFault.exe
PID 2636 wrote to memory of 2616	2636	RegAsm.exe	WerFault.exe
PID 2636 wrote to memory of 2616	2636	RegAsm.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe
"C:\Users\Admin\AppData\Local\Temp\23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2636
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 260
    3⤵
    - Program crash
    PID:2616
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 508
  2⤵
  - Program crash
  PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1908-0-0x0000000001080000-0x00000000010E6000-memory.dmp

Filesize
408KB

Download
memory/1908-1-0x0000000074230000-0x000000007491E000-memory.dmp

Filesize
6.9MB

Download
memory/1908-18-0x00000000024F0000-0x00000000044F0000-memory.dmp

Filesize
32.0MB

Download
memory/1908-17-0x0000000074230000-0x000000007491E000-memory.dmp

Filesize
6.9MB

Download
memory/1908-8-0x00000000024F0000-0x00000000044F0000-memory.dmp

Filesize
32.0MB

Download
memory/2636-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2636-9-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2636-5-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2636-12-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2636-7-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2636-14-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2636-16-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2636-6-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2636-4-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads