7fd47db08b371ea866be3f252df1453263638c7467090d973d2dada5a5de377c

Analysis

max time kernel
143s
max time network
133s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 17:52

Target

NEAS.3dcdd4758780ebff5239863c8743a7c0.exe
Size

112KB
MD5

3dcdd4758780ebff5239863c8743a7c0
SHA1

20d6d39d72e916a1f6a8163a616726862fa1a62c
SHA256

7fd47db08b371ea866be3f252df1453263638c7467090d973d2dada5a5de377c
SHA512

ad4f736ef3c38b2762daab8f31c24b020e43587ed0268626394b1971da60a497aa389c5de630333107de78ff1d1efc571de39fea08baae36ab60d80c2048621e
SSDEEP

1536:1Uk/JrLIFMY9Fp0aCKIFOAGvBTsV3PlJF7/ziTxFxJYV/RuPVII:Z/R0BfC2vBknF70JYV5kVII

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2252	2368	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2252	2368	NEAS.3dcdd4758780ebff5239863c8743a7c0.exe	28
PID 2368 wrote to memory of 2252	2368	NEAS.3dcdd4758780ebff5239863c8743a7c0.exe	28
PID 2368 wrote to memory of 2252	2368	NEAS.3dcdd4758780ebff5239863c8743a7c0.exe	28
PID 2368 wrote to memory of 2252	2368	NEAS.3dcdd4758780ebff5239863c8743a7c0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.3dcdd4758780ebff5239863c8743a7c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.3dcdd4758780ebff5239863c8743a7c0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 36
  2⤵
  - Program crash
  PID:2252

memory/2368-0-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2368-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download