5a2a567ef1b7a8bc09df497003995e82cb37eca2392f7f332d7459abd25b2454

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22/10/2023, 17:30

Target

NEAS.e0b44bd349071e2aa14c24565b0e9830.exe
Size

212KB
MD5

e0b44bd349071e2aa14c24565b0e9830
SHA1

9478be9903f872d5d4b8f5880f23ff6a751d9d4b
SHA256

5a2a567ef1b7a8bc09df497003995e82cb37eca2392f7f332d7459abd25b2454
SHA512

ad64d118fcde655dd15d018b7a6556dc036ff719d5e5ecf72625e81b5bdc5892746569b503401d1b9741c557e8c1c11f02165ecf7f8a638754b8a9e27ac8244f
SSDEEP

1536:13apwXo6snSI7+4TfjBskSx8x35ncc+rpPJrpHpkxLOUR1/xR/R:hC6xRyfFP0o35cc+rpcOUzJV

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
1524	3064	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 1524	3064	NEAS.e0b44bd349071e2aa14c24565b0e9830.exe	14
PID 3064 wrote to memory of 1524	3064	NEAS.e0b44bd349071e2aa14c24565b0e9830.exe	14
PID 3064 wrote to memory of 1524	3064	NEAS.e0b44bd349071e2aa14c24565b0e9830.exe	14
PID 3064 wrote to memory of 1524	3064	NEAS.e0b44bd349071e2aa14c24565b0e9830.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 36
1⤵
- Program crash
PID:1524

C:\Users\Admin\AppData\Local\Temp\NEAS.e0b44bd349071e2aa14c24565b0e9830.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.e0b44bd349071e2aa14c24565b0e9830.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3064

memory/3064-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download