fb2073c16ff0582c43759cc7571a1909913c2ebd425b670b36efa4259740e3be

Analysis

max time kernel
143s
max time network
120s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.2977548d4028aef0dd3589a98ead3060.exe
Size

452KB
MD5

2977548d4028aef0dd3589a98ead3060
SHA1

1ffc00f88b6d94539b846b70a900bd38947fd0dd
SHA256

fb2073c16ff0582c43759cc7571a1909913c2ebd425b670b36efa4259740e3be
SHA512

028d776c9c6ba182800daef0d7809233cff28803bc82b4532745eef105088b65fe27be1cf28c911bdf2a35bc972dce75184a7a53090bff9c218b389aef756bb5
SSDEEP

12288:tb0aFieYxIkw/4fuCTbu2SyLJiUPTjwbt927t:h+fuCTbu2RLJiUPTjwZ9C

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
2796	WerFault.exe
2796	WerFault.exe
2796	WerFault.exe
2796	WerFault.exe
2796	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2796	2256	WerFault.exe	27

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2256	NEAS.2977548d4028aef0dd3589a98ead3060.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2796	2256	NEAS.2977548d4028aef0dd3589a98ead3060.exe	28
PID 2256 wrote to memory of 2796	2256	NEAS.2977548d4028aef0dd3589a98ead3060.exe	28
PID 2256 wrote to memory of 2796	2256	NEAS.2977548d4028aef0dd3589a98ead3060.exe	28
PID 2256 wrote to memory of 2796	2256	NEAS.2977548d4028aef0dd3589a98ead3060.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.2977548d4028aef0dd3589a98ead3060.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2977548d4028aef0dd3589a98ead3060.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 264
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:2796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\NEAS.2977548d4028aef0dd3589a98ead3060.exe

Filesize
458KB

MD5
1421a38cfa0d26da1856baec8681ab40

SHA1
55870e42ddb151ae23857d74b3d14f60447497ac

SHA256
46f08f2f2ace7af829e8d3c7b88bade80d471239bbabfa04383511812d04fdb2

SHA512
27356cb0e8fea7024f57a43026cea863bd9e0c35d4a07ba7d6178a60101cf39632644164259963d84461623455d6e6e841c2d1c3d2aee4685bd04e1f065d0ccf

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.2977548d4028aef0dd3589a98ead3060.exe

Filesize
458KB

MD5
1421a38cfa0d26da1856baec8681ab40

SHA1
55870e42ddb151ae23857d74b3d14f60447497ac

SHA256
46f08f2f2ace7af829e8d3c7b88bade80d471239bbabfa04383511812d04fdb2

SHA512
27356cb0e8fea7024f57a43026cea863bd9e0c35d4a07ba7d6178a60101cf39632644164259963d84461623455d6e6e841c2d1c3d2aee4685bd04e1f065d0ccf

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.2977548d4028aef0dd3589a98ead3060.exe

Filesize
458KB

MD5
1421a38cfa0d26da1856baec8681ab40

SHA1
55870e42ddb151ae23857d74b3d14f60447497ac

SHA256
46f08f2f2ace7af829e8d3c7b88bade80d471239bbabfa04383511812d04fdb2

SHA512
27356cb0e8fea7024f57a43026cea863bd9e0c35d4a07ba7d6178a60101cf39632644164259963d84461623455d6e6e841c2d1c3d2aee4685bd04e1f065d0ccf

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.2977548d4028aef0dd3589a98ead3060.exe

Filesize
458KB

MD5
1421a38cfa0d26da1856baec8681ab40

SHA1
55870e42ddb151ae23857d74b3d14f60447497ac

SHA256
46f08f2f2ace7af829e8d3c7b88bade80d471239bbabfa04383511812d04fdb2

SHA512
27356cb0e8fea7024f57a43026cea863bd9e0c35d4a07ba7d6178a60101cf39632644164259963d84461623455d6e6e841c2d1c3d2aee4685bd04e1f065d0ccf

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.2977548d4028aef0dd3589a98ead3060.exe

Filesize
458KB

MD5
1421a38cfa0d26da1856baec8681ab40

SHA1
55870e42ddb151ae23857d74b3d14f60447497ac

SHA256
46f08f2f2ace7af829e8d3c7b88bade80d471239bbabfa04383511812d04fdb2

SHA512
27356cb0e8fea7024f57a43026cea863bd9e0c35d4a07ba7d6178a60101cf39632644164259963d84461623455d6e6e841c2d1c3d2aee4685bd04e1f065d0ccf

Download Submit
memory/2256-0-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2256-1-0x00000000003B0000-0x00000000003B2000-memory.dmp

Filesize
8KB

Download
memory/2256-4-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2256-6-0x00000000004D0000-0x00000000004D2000-memory.dmp

Filesize
8KB

Download
memory/2256-12-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads