e046b9ef11b019e7908ffe1a693effef68df2b5ec43a20e5ab5299e7180e123a

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 20:04

Target

NEAS.2f7f7d3afc3f465ccfe0f6d775e6d380.exe
Size

164KB
MD5

2f7f7d3afc3f465ccfe0f6d775e6d380
SHA1

76763ad638a45ba6e02d6481ee6b081671211687
SHA256

e046b9ef11b019e7908ffe1a693effef68df2b5ec43a20e5ab5299e7180e123a
SHA512

44bc0b4d6b5d365b6450a11cac8f969f59ca43b58296f4b4199cf6631ca417b48e12dcb46234a41ef49a03485f0e021807ad3afc27859739d45d1eee9c61e51a
SSDEEP

3072:vNQKPWDyAI0hJltZrpRRy8JEl0G5MtliNeOh7hwtf:vNSDyAISthpd8Mt4n2

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2028	2264	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2028	2264	NEAS.2f7f7d3afc3f465ccfe0f6d775e6d380.exe	28
PID 2264 wrote to memory of 2028	2264	NEAS.2f7f7d3afc3f465ccfe0f6d775e6d380.exe	28
PID 2264 wrote to memory of 2028	2264	NEAS.2f7f7d3afc3f465ccfe0f6d775e6d380.exe	28
PID 2264 wrote to memory of 2028	2264	NEAS.2f7f7d3afc3f465ccfe0f6d775e6d380.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.2f7f7d3afc3f465ccfe0f6d775e6d380.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2f7f7d3afc3f465ccfe0f6d775e6d380.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 160
  2⤵
  - Program crash
  PID:2028

memory/2264-0-0x0000000001000000-0x0000000001025000-memory.dmp

Filesize
148KB

Download
memory/2264-1-0x0000000001000000-0x0000000001025000-memory.dmp

Filesize
148KB

Download