a19cb795f74e7b3bc8879eb8a5d4f2a3fa1275daacdfd334c69627de1f12932b

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21/10/2023, 21:25

Target

NEAS.8803c8448e0a9a466dfe25d2a2dd9990.exe
Size

46KB
MD5

8803c8448e0a9a466dfe25d2a2dd9990
SHA1

fa926b5ecd931e56cf79057bfae822631d47b519
SHA256

a19cb795f74e7b3bc8879eb8a5d4f2a3fa1275daacdfd334c69627de1f12932b
SHA512

43349468c8ddda0ecd681b8953783db8bf1d63badfb79cdc722e9a4c28d5977d59adf8806ba9645afb3c6f1d855f2595fcd042c4ec845e3dfa2bf0d101f2ada5
SSDEEP

24:ev1GSeQ5nr2lGuAWfrIEC12Vliw0Gg/jITM3RNqmD3CwDAyoMQ78Iy0wsU/Di/A/:qe+2u2bCo0rITM3RN9vkdMMPyQU/DyA

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2056	2164	WerFault.exe	5

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2056	2164	NEAS.8803c8448e0a9a466dfe25d2a2dd9990.exe	27
PID 2164 wrote to memory of 2056	2164	NEAS.8803c8448e0a9a466dfe25d2a2dd9990.exe	27
PID 2164 wrote to memory of 2056	2164	NEAS.8803c8448e0a9a466dfe25d2a2dd9990.exe	27
PID 2164 wrote to memory of 2056	2164	NEAS.8803c8448e0a9a466dfe25d2a2dd9990.exe	27

C:\Users\Admin\AppData\Local\Temp\NEAS.8803c8448e0a9a466dfe25d2a2dd9990.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.8803c8448e0a9a466dfe25d2a2dd9990.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 36
  2⤵
  - Program crash
  PID:2056

memory/2164-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download