8c491a294347f485cc221b1e3f2d61ff736750b33ea310ceb098bc0f83e75e23

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 17:58

Target

NEAS.71e6e78b9fd2b0965c8494f6ceb0f330.exe
Size

6.3MB
MD5

71e6e78b9fd2b0965c8494f6ceb0f330
SHA1

ea51a9062c0f88d76722123ed9b449cbf2ba4941
SHA256

8c491a294347f485cc221b1e3f2d61ff736750b33ea310ceb098bc0f83e75e23
SHA512

a3fd7a70aa9b8c3a4a1fb1bec9b4d4a61116e50b8f45a345b37ef58c303eb8d4c422efd1344890f2e4a55c536dcfa2e6b490deefb5e54b9c90ebffaa4b08a02d
SSDEEP

196608:FltQUEp4DmNstTT51q++qx75F1hCCJGXRrc66W1x3ZqS:Tt/8+FOPU7xhfi1J1tZqS

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2112	NEAS.71e6e78b9fd2b0965c8494f6ceb0f330.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2044	2112	NEAS.71e6e78b9fd2b0965c8494f6ceb0f330.exe	28
PID 2112 wrote to memory of 2044	2112	NEAS.71e6e78b9fd2b0965c8494f6ceb0f330.exe	28
PID 2112 wrote to memory of 2044	2112	NEAS.71e6e78b9fd2b0965c8494f6ceb0f330.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.71e6e78b9fd2b0965c8494f6ceb0f330.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.71e6e78b9fd2b0965c8494f6ceb0f330.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2112 -s 168
  2⤵
  PID:2044

memory/2112-0-0x0000000077830000-0x0000000077832000-memory.dmp

Filesize
8KB

Download
memory/2112-3-0x000000013F100000-0x000000013FBC6000-memory.dmp

Filesize
10.8MB

Download
memory/2112-2-0x0000000077830000-0x0000000077832000-memory.dmp

Filesize
8KB

Download
memory/2112-5-0x0000000077830000-0x0000000077832000-memory.dmp

Filesize
8KB

Download
memory/2112-7-0x000000013F100000-0x000000013FBC6000-memory.dmp

Filesize
10.8MB

Download
memory/2112-8-0x0000000077680000-0x0000000077829000-memory.dmp

Filesize
1.7MB

Download
memory/2112-12-0x000000013F100000-0x000000013FBC6000-memory.dmp

Filesize
10.8MB

Download
memory/2112-13-0x0000000077680000-0x0000000077829000-memory.dmp

Filesize
1.7MB

Download