0e30a75545d977550e352d691fbfda4f9cb97655be53b107998ff43db67a37bd | Triage

Analysis

max time kernel
119s
max time network
145s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 20:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.9a2c0cfa7394ae72df09823b354bd710.exe
Size

262KB
MD5

9a2c0cfa7394ae72df09823b354bd710
SHA1

4aeb1fd6590db9168822614292885e74c5dafb64
SHA256

0e30a75545d977550e352d691fbfda4f9cb97655be53b107998ff43db67a37bd
SHA512

6f4d34f184fc96d31e5f7171e9115cb4a1713c1b347555a243b95b05311e297b34afcc54ce7d2ab53f6b5d48fa300948627d2996420697cbeafbbdc67c987460
SSDEEP

1536:zdD2unvz0Eg9stAWpSYje5cU7zA4bmlpWmm:JSW3tAW4Yjevp0wmm

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1788	2112	WerFault.exe	17

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 1788	2112	NEAS.9a2c0cfa7394ae72df09823b354bd710.exe	29
PID 2112 wrote to memory of 1788	2112	NEAS.9a2c0cfa7394ae72df09823b354bd710.exe	29
PID 2112 wrote to memory of 1788	2112	NEAS.9a2c0cfa7394ae72df09823b354bd710.exe	29
PID 2112 wrote to memory of 1788	2112	NEAS.9a2c0cfa7394ae72df09823b354bd710.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.9a2c0cfa7394ae72df09823b354bd710.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.9a2c0cfa7394ae72df09823b354bd710.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 564
  2⤵
  - Program crash
  PID:1788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2112-0-0x0000000000B60000-0x0000000000BA8000-memory.dmp

Filesize
288KB

Download
memory/2112-1-0x0000000074770000-0x0000000074E5E000-memory.dmp

Filesize
6.9MB

Download
memory/2112-2-0x0000000074770000-0x0000000074E5E000-memory.dmp

Filesize
6.9MB

Download