1eafb5670f65894621ee597fc34f1b11ac9887ee3f917b86028dcdd78bb17431

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 20:33

Target

NEAS.a0d922041dee84ee9f5075a9848f46a0.exe
Size

234KB
MD5

a0d922041dee84ee9f5075a9848f46a0
SHA1

2b4249cd27996043a8e2bf0d63f4f7cdbad1f598
SHA256

1eafb5670f65894621ee597fc34f1b11ac9887ee3f917b86028dcdd78bb17431
SHA512

55cfb97b8e18d47097b4a7cedbdceeb198aaa9833da5c5fbc5d17c5807cb9776668bb8489416b307c925cb18118ad9d8f1e54c03893885c97573215bdc1b27bf
SSDEEP

3072:nmP0v6Urvb/M8Om6p0kcCVQTYTaaSFWbb9qNgwpLIcKZq5axUQMqXfFPix/:ha0kcCVmYTaa5YmqEq5+Uy

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2568	2004	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2568	2004	NEAS.a0d922041dee84ee9f5075a9848f46a0.exe	28
PID 2004 wrote to memory of 2568	2004	NEAS.a0d922041dee84ee9f5075a9848f46a0.exe	28
PID 2004 wrote to memory of 2568	2004	NEAS.a0d922041dee84ee9f5075a9848f46a0.exe	28
PID 2004 wrote to memory of 2568	2004	NEAS.a0d922041dee84ee9f5075a9848f46a0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.a0d922041dee84ee9f5075a9848f46a0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.a0d922041dee84ee9f5075a9848f46a0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 156
  2⤵
  - Program crash
  PID:2568

memory/2004-0-0x0000000001000000-0x000000000103D000-memory.dmp

Filesize
244KB

Download
memory/2004-1-0x0000000001000000-0x000000000103D000-memory.dmp

Filesize
244KB

Download