e29ea3a51bb9c2949f8f7674599be1bbb9bc916789fe85bd80ad2b31d2141d61

Analysis

max time kernel
119s
max time network
130s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 20:40

Target

NEAS.cd28678e566fb68a724597b0072cb150.exe
Size

249KB
MD5

cd28678e566fb68a724597b0072cb150
SHA1

a7443dc03b9d89ee533271aeafbd02630d86b972
SHA256

e29ea3a51bb9c2949f8f7674599be1bbb9bc916789fe85bd80ad2b31d2141d61
SHA512

5307e373f9e7d86a9ec4fd8dfb83c4c76e6534eba8ea0824d9e005dc91d5192ab74eeaf985c8574f893c1b3587960be8a5281949092606a7723dd1ffed9aa7d4
SSDEEP

6144:Za3H/a42TQIv+ho1yKJFLRFgMXvmgkcNOwkuUR:Kl2sIVyUNRaMerc4w3C

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2068-0-0x0000000000400000-0x000000000049C000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1940	2068	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 1940	2068	NEAS.cd28678e566fb68a724597b0072cb150.exe	28
PID 2068 wrote to memory of 1940	2068	NEAS.cd28678e566fb68a724597b0072cb150.exe	28
PID 2068 wrote to memory of 1940	2068	NEAS.cd28678e566fb68a724597b0072cb150.exe	28
PID 2068 wrote to memory of 1940	2068	NEAS.cd28678e566fb68a724597b0072cb150.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.cd28678e566fb68a724597b0072cb150.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.cd28678e566fb68a724597b0072cb150.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 36
  2⤵
  - Program crash
  PID:1940

memory/2068-0-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download