41378022b0c56172a05442697338aa84f4afe0162280d3a0cce5a83930f7f2b4

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 18:06

Target

NEAS.9a01f1bab88df0ce6d86393526910f80.exe
Size

66KB
MD5

9a01f1bab88df0ce6d86393526910f80
SHA1

07b3a082e4cd02d76f52e845a36f240dc77a46a6
SHA256

41378022b0c56172a05442697338aa84f4afe0162280d3a0cce5a83930f7f2b4
SHA512

dce1a222322e213ea9f934f75cdae8fa2d645837effcd6f599c44ae60e837d52c19d3285af1fbf82b733a855deaf5915af84039275522239126f6b349780e3ca
SSDEEP

1536:4bm2fHHvbq+iIcDUIghGXJ0ZSO4wQwbThmdOa7b5cW:d2fHHvbqDNpRXJ08O0wha5cW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2152	532	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 532 wrote to memory of 2152	532	NEAS.9a01f1bab88df0ce6d86393526910f80.exe	28
PID 532 wrote to memory of 2152	532	NEAS.9a01f1bab88df0ce6d86393526910f80.exe	28
PID 532 wrote to memory of 2152	532	NEAS.9a01f1bab88df0ce6d86393526910f80.exe	28
PID 532 wrote to memory of 2152	532	NEAS.9a01f1bab88df0ce6d86393526910f80.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.9a01f1bab88df0ce6d86393526910f80.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.9a01f1bab88df0ce6d86393526910f80.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:532
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 36
  2⤵
  - Program crash
  PID:2152

memory/532-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/532-1-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download