Analysis Overview
SHA256
2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1
Threat Level: Likely benign
The file 2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1.exe was found to be: Likely benign.
Malicious Activity Summary
Suspicious use of SetThreadContext
Program crash
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-12 17:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 17:10
Reported
2024-06-12 17:13
Platform
win7-20231129-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2264 set thread context of 2464 | N/A | C:\Users\Admin\AppData\Local\Temp\2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1.exe | C:\Users\Admin\AppData\Local\Temp\2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1.exe |
Program crash
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1.exe
"C:\Users\Admin\AppData\Local\Temp\2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1.exe"
C:\Users\Admin\AppData\Local\Temp\2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1.exe
"C:\Users\Admin\AppData\Local\Temp\2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 36
Network
Files
memory/2264-0-0x0000000073FDE000-0x0000000073FDF000-memory.dmp
memory/2264-1-0x0000000000900000-0x00000000009BE000-memory.dmp
memory/2264-2-0x0000000073FD0000-0x00000000746BE000-memory.dmp
memory/2264-3-0x00000000007D0000-0x00000000007F2000-memory.dmp
memory/2264-4-0x00000000003C0000-0x00000000003D0000-memory.dmp
memory/2264-5-0x00000000059D0000-0x0000000005A5A000-memory.dmp
memory/2464-7-0x0000000000400000-0x0000000000443000-memory.dmp
memory/2464-12-0x0000000000400000-0x0000000000443000-memory.dmp
memory/2464-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2464-8-0x0000000000400000-0x0000000000443000-memory.dmp
memory/2464-13-0x0000000000400000-0x0000000000443000-memory.dmp
memory/2264-14-0x0000000073FD0000-0x00000000746BE000-memory.dmp
memory/2464-15-0x00000000009C0000-0x0000000000CC3000-memory.dmp
memory/2464-16-0x0000000000400000-0x0000000000443000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 17:10
Reported
2024-06-12 17:13
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1208 set thread context of 776 | N/A | C:\Users\Admin\AppData\Local\Temp\2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1.exe | C:\Users\Admin\AppData\Local\Temp\2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1.exe |
Program crash
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1.exe
"C:\Users\Admin\AppData\Local\Temp\2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1.exe"
C:\Users\Admin\AppData\Local\Temp\2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1.exe
"C:\Users\Admin\AppData\Local\Temp\2cfa51f304105aba231c6f6ac26e41e64bc644f06fc529e3f2e22147d40347f1.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 776 -ip 776
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 184
Network
Files
memory/1208-0-0x00000000744AE000-0x00000000744AF000-memory.dmp
memory/1208-1-0x0000000000BB0000-0x0000000000C6E000-memory.dmp
memory/1208-2-0x0000000005B00000-0x00000000060A4000-memory.dmp
memory/1208-3-0x0000000005550000-0x00000000055E2000-memory.dmp
memory/1208-4-0x0000000005510000-0x000000000551A000-memory.dmp
memory/1208-5-0x00000000744A0000-0x0000000074C50000-memory.dmp
memory/1208-6-0x0000000006E90000-0x0000000006EB2000-memory.dmp
memory/1208-7-0x0000000005AD0000-0x0000000005AE0000-memory.dmp
memory/1208-8-0x0000000006990000-0x0000000006A1A000-memory.dmp
memory/1208-9-0x0000000008200000-0x000000000829C000-memory.dmp
memory/776-10-0x0000000000400000-0x0000000000443000-memory.dmp
memory/1208-12-0x00000000744A0000-0x0000000074C50000-memory.dmp
memory/776-13-0x00000000014E0000-0x000000000182A000-memory.dmp
memory/776-14-0x0000000000400000-0x0000000000443000-memory.dmp