aa9ffc1e040fc94adc084f3a662778884317fa3f857e07991f2fd170f093da10

Analysis

max time kernel
122s
max time network
143s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16/10/2023, 18:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe
Size

298KB
MD5

d24a3c34b5df8b17e00cb62026bde1e0
SHA1

60d5930201f43083fbfd6bf3ffc8e323f82d041f
SHA256

aa9ffc1e040fc94adc084f3a662778884317fa3f857e07991f2fd170f093da10
SHA512

fd5135a45efbde242c991593850eac2e8e827397895dcfb02ca31afa19fbfb9919dc875553c7282becd87509f506b35f7b7c67326adf7bc8a4078bac5dd539b9
SSDEEP

6144:MNJsICnU9Q8NFqtA/yGZya9mJPxjtZis6JugnpRLN/PoJ:MHsICnEL/ys0JPxj/i1LN/PoJ

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1272 set thread context of 2620	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	29

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2760	1272	WerFault.exe	6
2980	2620	WerFault.exe	29

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 2620	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	29
PID 1272 wrote to memory of 2620	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	29
PID 1272 wrote to memory of 2620	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	29
PID 1272 wrote to memory of 2620	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	29
PID 1272 wrote to memory of 2620	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	29
PID 1272 wrote to memory of 2620	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	29
PID 1272 wrote to memory of 2620	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	29
PID 1272 wrote to memory of 2620	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	29
PID 1272 wrote to memory of 2620	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	29
PID 1272 wrote to memory of 2620	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	29
PID 1272 wrote to memory of 2620	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	29
PID 1272 wrote to memory of 2620	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	29
PID 1272 wrote to memory of 2620	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	29
PID 1272 wrote to memory of 2620	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	29
PID 1272 wrote to memory of 2760	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	32
PID 1272 wrote to memory of 2760	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	32
PID 1272 wrote to memory of 2760	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	32
PID 1272 wrote to memory of 2760	1272	NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe	32
PID 2620 wrote to memory of 2980	2620	AppLaunch.exe	33
PID 2620 wrote to memory of 2980	2620	AppLaunch.exe	33
PID 2620 wrote to memory of 2980	2620	AppLaunch.exe	33
PID 2620 wrote to memory of 2980	2620	AppLaunch.exe	33
PID 2620 wrote to memory of 2980	2620	AppLaunch.exe	33
PID 2620 wrote to memory of 2980	2620	AppLaunch.exe	33
PID 2620 wrote to memory of 2980	2620	AppLaunch.exe	33

C:\Users\Admin\AppData\Local\Temp\NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.d24a3c34b5df8b17e00cb62026bde1e0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1272
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2620
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 196
    3⤵
    - Program crash
    PID:2980
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 92
  2⤵
  - Program crash
  PID:2760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2620-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2620-1-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2620-3-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2620-2-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2620-4-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2620-5-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2620-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2620-7-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2620-9-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2620-11-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads