00e359523e74e22aaf72d55b7b83b376e879ad695e91ae831f0bd1050df82ea3 | Triage

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 17:56

Sharing

Report Analysis Logs

General

Target

NEAS.61a5f1f30f28075d81a8d61b04d3afd0.exe
Size

110KB
MD5

61a5f1f30f28075d81a8d61b04d3afd0
SHA1

4db15ce4431a263828634705a5b31135e6fbe9e4
SHA256

00e359523e74e22aaf72d55b7b83b376e879ad695e91ae831f0bd1050df82ea3
SHA512

e573f16238683e84f01ad7f35604a014ec4758f54d2f7c06b3fe9cd0f802f3cb5b84a4043461a7b93d2753b501fa47e47eb283670593573e8b48a310213f2b74
SSDEEP

3072:x8+pzxQWjcxZP4W5/B9U9OmzoI7h+aS1G2:x8wzWWjiZPbU9Omzo0naG2

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2544	3040	WerFault.exe	10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2544	3040	NEAS.61a5f1f30f28075d81a8d61b04d3afd0.exe	28
PID 3040 wrote to memory of 2544	3040	NEAS.61a5f1f30f28075d81a8d61b04d3afd0.exe	28
PID 3040 wrote to memory of 2544	3040	NEAS.61a5f1f30f28075d81a8d61b04d3afd0.exe	28
PID 3040 wrote to memory of 2544	3040	NEAS.61a5f1f30f28075d81a8d61b04d3afd0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.61a5f1f30f28075d81a8d61b04d3afd0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.61a5f1f30f28075d81a8d61b04d3afd0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 116
  2⤵
  - Program crash
  PID:2544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3040-0-0x0000000000AF0000-0x0000000000B10000-memory.dmp

Filesize
128KB

Download
memory/3040-1-0x0000000000AF0000-0x0000000000B10000-memory.dmp

Filesize
128KB

Download