3d83ed386a8232813a8e23d4f40b967bf9469fcd43e3df5293ca95169c510ebf

Analysis

max time kernel
118s
max time network
137s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13-10-2023 20:34

Target

NEAS.a9706cdb425ea538d7a403a7fc4861b0.exe
Size

204KB
MD5

a9706cdb425ea538d7a403a7fc4861b0
SHA1

6f1abd48ab45899682d096ab20532294b24066b1
SHA256

3d83ed386a8232813a8e23d4f40b967bf9469fcd43e3df5293ca95169c510ebf
SHA512

01e940b25dcb2f4f2b39ecb9746f74b5b939ae251643f8359d8f0ad68db4753bea142eb775256040cc99640a526b7fde6164681d2e25571c32f1dc0676ecf9a2
SSDEEP

768:P6cPsAifwZJ0cZGUk6vJOBdhqm2PeaiBWJQekTP02U02p/1H5RqtRXdnh:SccYH/Gnc+hmlJQekTcx02Li9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2592	2148	WerFault.exe	17

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2592	2148	NEAS.a9706cdb425ea538d7a403a7fc4861b0.exe	28
PID 2148 wrote to memory of 2592	2148	NEAS.a9706cdb425ea538d7a403a7fc4861b0.exe	28
PID 2148 wrote to memory of 2592	2148	NEAS.a9706cdb425ea538d7a403a7fc4861b0.exe	28
PID 2148 wrote to memory of 2592	2148	NEAS.a9706cdb425ea538d7a403a7fc4861b0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.a9706cdb425ea538d7a403a7fc4861b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.a9706cdb425ea538d7a403a7fc4861b0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 36
  2⤵
  - Program crash
  PID:2592

memory/2148-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download