76eed56d1e86d0a28fa4c3ae8d928145745bbeed65262e17d72955e0170139f8

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16-10-2023 18:33

Target

NEAS.b29024a0f530e02446d039248b9cc1e0.exe
Size

592KB
MD5

b29024a0f530e02446d039248b9cc1e0
SHA1

69e96b882c6590592a0cb949edf359803fa17c0a
SHA256

76eed56d1e86d0a28fa4c3ae8d928145745bbeed65262e17d72955e0170139f8
SHA512

7bcf2367dc6f8420b3592b63e84ad020bc4d57f4b1116e5a2aa6473ebbef84872e90e588bcd789312498957cf1a42d0b72ae5bcd48aed53cf916d34d05c7a6ec
SSDEEP

3072:+CaoAs101Pol0xPTM7mRCAdJSSxPUkl3VqMQTCk/dN92sdNhavtrVdewnAx3wmVa:+qDAwl0xPTMiR9JSSxPUKmdodHdT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2404	2988	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2404	2988	NEAS.b29024a0f530e02446d039248b9cc1e0.exe	28
PID 2988 wrote to memory of 2404	2988	NEAS.b29024a0f530e02446d039248b9cc1e0.exe	28
PID 2988 wrote to memory of 2404	2988	NEAS.b29024a0f530e02446d039248b9cc1e0.exe	28
PID 2988 wrote to memory of 2404	2988	NEAS.b29024a0f530e02446d039248b9cc1e0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.b29024a0f530e02446d039248b9cc1e0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b29024a0f530e02446d039248b9cc1e0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 36
  2⤵
  - Program crash
  PID:2404

memory/2988-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download