c8411eb54a344a989a6ab71a27309f911267b410f39bb1208b1313bfd44893dd | Triage

Analysis

max time kernel
120s
max time network
138s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 17:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.46a81a11f7d36c2d8dc5ed9a6182ccc0.exe
Size

154KB
MD5

46a81a11f7d36c2d8dc5ed9a6182ccc0
SHA1

93d30d837390c8d84ee8563679e7f938f6b21114
SHA256

c8411eb54a344a989a6ab71a27309f911267b410f39bb1208b1313bfd44893dd
SHA512

46c73e815a52ff55fe26dbb038d29d8d7ea976d3712b85729e15fe1aefb7558d083eccafb909942508b1670f909d317473213876d7fd0c03912aca68bdc4304e
SSDEEP

3072:8D4JlU3G9inroLloqC+LwWWSJjRgYuOZVRRM:gnqS5+LwhSnsOfRRM

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1644	2044	WerFault.exe	9

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1644	2044	NEAS.46a81a11f7d36c2d8dc5ed9a6182ccc0.exe	28
PID 2044 wrote to memory of 1644	2044	NEAS.46a81a11f7d36c2d8dc5ed9a6182ccc0.exe	28
PID 2044 wrote to memory of 1644	2044	NEAS.46a81a11f7d36c2d8dc5ed9a6182ccc0.exe	28
PID 2044 wrote to memory of 1644	2044	NEAS.46a81a11f7d36c2d8dc5ed9a6182ccc0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.46a81a11f7d36c2d8dc5ed9a6182ccc0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.46a81a11f7d36c2d8dc5ed9a6182ccc0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 188
  2⤵
  - Program crash
  PID:1644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2044-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2044-1-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download