c77798512022bcfd7252e9ba395395457aeaac73f15fa6145f0ccbb1931930c3

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2023, 18:27

Target

NEAS.87aebb8bf1656911676cd0e9511d2250.exe
Size

581KB
MD5

87aebb8bf1656911676cd0e9511d2250
SHA1

1c7f8ab07d522933d710c702d8734eb82e374eb1
SHA256

c77798512022bcfd7252e9ba395395457aeaac73f15fa6145f0ccbb1931930c3
SHA512

2daa9e0f0e17171babae3fe1b449c0dae2d452316371dd8d2b8e7b71851b654e05c8b4914cf46fbb05226395ce5f78878b3729e84da2eac1a08c3a5f50aeea41
SSDEEP

3072:wCaoAs101Pol0xPTM7mRCAdJSSxPUkl3VTMQTCk/dN92sdNhavtrVdewnAx3wmVw:wqDAwl0xPTMiR9JSSxPUKPdodHn

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4140	1664	WerFault.exe	82
3304	1664	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 4140	1664	NEAS.87aebb8bf1656911676cd0e9511d2250.exe	85
PID 1664 wrote to memory of 4140	1664	NEAS.87aebb8bf1656911676cd0e9511d2250.exe	85
PID 1664 wrote to memory of 4140	1664	NEAS.87aebb8bf1656911676cd0e9511d2250.exe	85

C:\Users\Admin\AppData\Local\Temp\NEAS.87aebb8bf1656911676cd0e9511d2250.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.87aebb8bf1656911676cd0e9511d2250.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 224
  2⤵
  - Program crash
  PID:4140
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 224
  2⤵
  - Program crash
  PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1664 -ip 1664
1⤵
PID:4560