cc5da7e30dfccd9fb96150dfd7d921acdd887f581fe62087a760097b24774433 | Triage

Analysis

max time kernel
19s
max time network
18s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
21/10/2023, 21:19

Sharing

Report Analysis Logs

General

Target

NEAS.521cdbfa8c1343b6b95efdaa9d056ad0.exe
Size

472KB
MD5

521cdbfa8c1343b6b95efdaa9d056ad0
SHA1

dbd8c7bbbabbc4998ea48816b1017f46781fde96
SHA256

cc5da7e30dfccd9fb96150dfd7d921acdd887f581fe62087a760097b24774433
SHA512

c093130bfd7c6b6c39aa57f07d02ba55115808b3d8c8fe18dc99ac25b76f30124db00e384deee7d967f5634acfce0319d880c07f0d8d12fb953ab86ebe6e6ccc
SSDEEP

3072:tt8RinudiP52xx67lLdpiHDoeFcgHrKhntybsk:MkgiPA6RPPmA4Ak

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
824	340	WerFault.exe	13

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 340 wrote to memory of 824	340	NEAS.521cdbfa8c1343b6b95efdaa9d056ad0.exe	28
PID 340 wrote to memory of 824	340	NEAS.521cdbfa8c1343b6b95efdaa9d056ad0.exe	28
PID 340 wrote to memory of 824	340	NEAS.521cdbfa8c1343b6b95efdaa9d056ad0.exe	28
PID 340 wrote to memory of 824	340	NEAS.521cdbfa8c1343b6b95efdaa9d056ad0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.521cdbfa8c1343b6b95efdaa9d056ad0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.521cdbfa8c1343b6b95efdaa9d056ad0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:340
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 36
  2⤵
  - Program crash
  PID:824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/340-1-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download