e996780ba0f831131457c7599a66e611029d59b424606debc3711d2ab18a3c66

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 17:50

Target

NEAS.310e5c8e782ede08805a758cb6324960.exe
Size

368KB
MD5

310e5c8e782ede08805a758cb6324960
SHA1

c385bc2d1d22e5cf513ebba663b0bbf271e4b154
SHA256

e996780ba0f831131457c7599a66e611029d59b424606debc3711d2ab18a3c66
SHA512

f890c2168dd94cf96c893f99bcaba13e72e02f81c1a4cc317ca5c7a2d2f6daccca5a8075c49e6c7f00b6fb8dc480f8d1358ee1373a4b725563ca85730442a7d2
SSDEEP

3072:DiS3m39rPpCiwJfbrrxwuxz2qjSNiSPm39rPpCiwJfbrrxwuxz2q:DiSo9DA5RmiSA9DA5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1488	956	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 1488	956	NEAS.310e5c8e782ede08805a758cb6324960.exe	28
PID 956 wrote to memory of 1488	956	NEAS.310e5c8e782ede08805a758cb6324960.exe	28
PID 956 wrote to memory of 1488	956	NEAS.310e5c8e782ede08805a758cb6324960.exe	28
PID 956 wrote to memory of 1488	956	NEAS.310e5c8e782ede08805a758cb6324960.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.310e5c8e782ede08805a758cb6324960.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.310e5c8e782ede08805a758cb6324960.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:956
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 556
  2⤵
  - Program crash
  PID:1488

memory/956-0-0x00000000001C0000-0x0000000000222000-memory.dmp

Filesize
392KB

Download
memory/956-1-0x0000000074B00000-0x00000000751EE000-memory.dmp

Filesize
6.9MB

Download
memory/956-2-0x0000000074B00000-0x00000000751EE000-memory.dmp

Filesize
6.9MB

Download