5d5751046bf10d08f1b36dcf7806c21c2ff8f73e82237ae4a5f4e060fb2415c4

Analysis

max time kernel
240s
max time network
287s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21/10/2023, 21:27

Target

NEAS.a1c028718f9f1e16fcb157d5de363fc0.exe
Size

188KB
MD5

a1c028718f9f1e16fcb157d5de363fc0
SHA1

7cf09a8be54bbe94b9089232531c0c581fe79c25
SHA256

5d5751046bf10d08f1b36dcf7806c21c2ff8f73e82237ae4a5f4e060fb2415c4
SHA512

167a600ab27335ce862e75a9a7322c02863ec92055b23ec29809c690ba9b0bd42a7af8b1c7ae4acee93951d2a57e8473ec38f09e1ba220e8bf377d801142f834
SSDEEP

768:aEA+elap4nNM8+R6N5HzHa86fsWC/2rMI6+8C/1H5:a7+eltm8Y6jHO86s/2L4I

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2824	2960	WerFault.exe	17

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 2824	2960	NEAS.a1c028718f9f1e16fcb157d5de363fc0.exe	27
PID 2960 wrote to memory of 2824	2960	NEAS.a1c028718f9f1e16fcb157d5de363fc0.exe	27
PID 2960 wrote to memory of 2824	2960	NEAS.a1c028718f9f1e16fcb157d5de363fc0.exe	27
PID 2960 wrote to memory of 2824	2960	NEAS.a1c028718f9f1e16fcb157d5de363fc0.exe	27

C:\Users\Admin\AppData\Local\Temp\NEAS.a1c028718f9f1e16fcb157d5de363fc0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.a1c028718f9f1e16fcb157d5de363fc0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 36
  2⤵
  - Program crash
  PID:2824

memory/2960-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download