38a4158757da3de05d8b43e6644a6a87ef3621a62c2030be45038dca50fe9401

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16/10/2023, 18:30

Target

NEAS.9c6cc343a741e703b2e5c38d5690fb60.exe
Size

980KB
MD5

9c6cc343a741e703b2e5c38d5690fb60
SHA1

e506a71992be4d7a9fe7001180b3e3873d021d4a
SHA256

38a4158757da3de05d8b43e6644a6a87ef3621a62c2030be45038dca50fe9401
SHA512

eedfbed8a9fbccb4ad33ced1caf0858cd744a064764bf83c7f0bfc4b136f1b1faafb19f2762ecdcd954cf28d6f3301538af4f6f437016fe9590f62bc9aa13e7a
SSDEEP

12288:iSzFGsfXKlrEGkdI4qZAuN/JIzI5nC/SMZoSqenFYl0FIAL:iaFGsfXKVEVdI4WNRICJMzFHL

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2088	2080	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2088	2080	NEAS.9c6cc343a741e703b2e5c38d5690fb60.exe	28
PID 2080 wrote to memory of 2088	2080	NEAS.9c6cc343a741e703b2e5c38d5690fb60.exe	28
PID 2080 wrote to memory of 2088	2080	NEAS.9c6cc343a741e703b2e5c38d5690fb60.exe	28
PID 2080 wrote to memory of 2088	2080	NEAS.9c6cc343a741e703b2e5c38d5690fb60.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.9c6cc343a741e703b2e5c38d5690fb60.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.9c6cc343a741e703b2e5c38d5690fb60.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 212
  2⤵
  - Program crash
  PID:2088