Analysis

  • max time kernel
    51s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 17:21

General

  • Target

    4c7e553411c390511f61ab68183eaf5b5857a32eca4c46eeaca75069ad8022ea.exe

  • Size

    920KB

  • MD5

    77b1334e106a22b57403990acbfbe258

  • SHA1

    3f4430e0805c49599c1aa070ecc8e21fc3a4bc61

  • SHA256

    4c7e553411c390511f61ab68183eaf5b5857a32eca4c46eeaca75069ad8022ea

  • SHA512

    ef3386bae0112ca044f6843d068ef8f0a6458953ad530ac8666a56d4c81d2fb4e876453f317a3682c5edc8ca46249999cb8f59bbffa65aeebc1781123d7becdf

  • SSDEEP

    24576:EiUGGg+lo71DICnPIXqv3eqbHSOxZoxtksCkqv:zUGGg+lYiqvu6SOxTk8

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c7e553411c390511f61ab68183eaf5b5857a32eca4c46eeaca75069ad8022ea.exe
    "C:\Users\Admin\AppData\Local\Temp\4c7e553411c390511f61ab68183eaf5b5857a32eca4c46eeaca75069ad8022ea.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4180
    • C:\Users\Admin\AppData\Local\Temp\4c7e553411c390511f61ab68183eaf5b5857a32eca4c46eeaca75069ad8022ea.exe
      "C:\Users\Admin\AppData\Local\Temp\4c7e553411c390511f61ab68183eaf5b5857a32eca4c46eeaca75069ad8022ea.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2720
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 184
        3⤵
        • Program crash
        PID:2716
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2720 -ip 2720
    1⤵
      PID:4864

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2720-10-0x0000000000400000-0x0000000000443000-memory.dmp
    Filesize: 268KB
  • memory/2720-14-0x0000000000400000-0x0000000000443000-memory.dmp
    Filesize: 268KB
  • memory/2720-13-0x0000000000EE0000-0x000000000122A000-memory.dmp
    Filesize: 3.3MB
  • memory/4180-6-0x00000000080F0000-0x000000000810A000-memory.dmp
    Filesize: 104KB
  • memory/4180-4-0x00000000051C0000-0x00000000051CA000-memory.dmp
    Filesize: 40KB
  • memory/4180-5-0x00000000749D0000-0x0000000075180000-memory.dmp
    Filesize: 7.7MB
  • memory/4180-0-0x00000000749DE000-0x00000000749DF000-memory.dmp
    Filesize: 4KB
  • memory/4180-7-0x0000000006370000-0x0000000006380000-memory.dmp
    Filesize: 64KB
  • memory/4180-8-0x0000000008110000-0x000000000819A000-memory.dmp
    Filesize: 552KB
  • memory/4180-9-0x000000000A8A0000-0x000000000A93C000-memory.dmp
    Filesize: 624KB
  • memory/4180-3-0x00000000051E0000-0x0000000005272000-memory.dmp
    Filesize: 584KB
  • memory/4180-12-0x00000000749D0000-0x0000000075180000-memory.dmp
    Filesize: 7.7MB
  • memory/4180-2-0x00000000056C0000-0x0000000005C64000-memory.dmp
    Filesize: 5.6MB
  • memory/4180-1-0x00000000006B0000-0x000000000079C000-memory.dmp
    Filesize: 944KB