5223c17afa5180b54eafa29578b185a22de11c73d51535935912393fa00a8d13

General

Target

8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe
Size

328KB
MD5

5870ef4ab0d94609e0286055db3c7b1c
SHA1

8f39b9821491eb4fd52a469bdcc2f4e9d8706fd8
SHA256

8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7
SHA512

8c35c7206a7b4da6ab2942aef33d8279094b1191ef2c3f69ebdf39dc8830cd363ad448e0d02a3e2bda8e2d0febbf543fb7e367ac2bbee1d98f50892ae1231979
SSDEEP

6144:ZEXXLwwq8aMxc9KboOW6HGXK/Ub08nFvUZM2SmxscC:iXbwws6c9QoOW6mh0m6ZVSac

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe

description	pid	process	target process
PID 2724 set thread context of 1464	2724	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe	RegAsm.exe

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid	pid_target	process	target process
1520	2724	WerFault.exe	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe
2576	1464	WerFault.exe	RegAsm.exe

Suspicious use of WriteProcessMemory 21 IoCs

Processes:

8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exeRegAsm.exe

description	pid	process	target process
PID 2724 wrote to memory of 1464	2724	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe	RegAsm.exe
PID 2724 wrote to memory of 1464	2724	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe	RegAsm.exe
PID 2724 wrote to memory of 1464	2724	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe	RegAsm.exe
PID 2724 wrote to memory of 1464	2724	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe	RegAsm.exe
PID 2724 wrote to memory of 1464	2724	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe	RegAsm.exe
PID 2724 wrote to memory of 1464	2724	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe	RegAsm.exe
PID 2724 wrote to memory of 1464	2724	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe	RegAsm.exe
PID 2724 wrote to memory of 1464	2724	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe	RegAsm.exe
PID 2724 wrote to memory of 1464	2724	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe	RegAsm.exe
PID 2724 wrote to memory of 1464	2724	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe	RegAsm.exe
PID 2724 wrote to memory of 1464	2724	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe	RegAsm.exe
PID 2724 wrote to memory of 1464	2724	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe	RegAsm.exe
PID 2724 wrote to memory of 1464	2724	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe	RegAsm.exe
PID 2724 wrote to memory of 1520	2724	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe	WerFault.exe
PID 2724 wrote to memory of 1520	2724	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe	WerFault.exe
PID 2724 wrote to memory of 1520	2724	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe	WerFault.exe
PID 2724 wrote to memory of 1520	2724	8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe	WerFault.exe
PID 1464 wrote to memory of 2576	1464	RegAsm.exe	WerFault.exe
PID 1464 wrote to memory of 2576	1464	RegAsm.exe	WerFault.exe
PID 1464 wrote to memory of 2576	1464	RegAsm.exe	WerFault.exe
PID 1464 wrote to memory of 2576	1464	RegAsm.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe
"C:\Users\Admin\AppData\Local\Temp\8319ca6cf9cbe1f526db7cda92a964e8d16336ec0620a9fe8d390cb2a7a08fc7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1464
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 260
    3⤵
    - Program crash
    PID:2576
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 504
  2⤵
  - Program crash
  PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1464-8-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/1464-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1464-16-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/1464-5-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/1464-6-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/1464-7-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/1464-9-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/1464-12-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/1464-15-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2724-0-0x0000000000300000-0x0000000000354000-memory.dmp

Filesize
336KB

Download
memory/2724-1-0x0000000074390000-0x0000000074A7E000-memory.dmp

Filesize
6.9MB

Download
memory/2724-4-0x0000000002030000-0x0000000004030000-memory.dmp

Filesize
32.0MB

Download
memory/2724-17-0x0000000074390000-0x0000000074A7E000-memory.dmp

Filesize
6.9MB

Download
memory/2724-18-0x0000000002030000-0x0000000004030000-memory.dmp

Filesize
32.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads