8b3c07877b93ee9fcf545a91caf6354f0ec2c3609205ff82e5a2fb5a87a1f94d | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22/10/2023, 17:23

Sharing

Report Analysis Logs

General

Target

NEAS.927001290e10da37d708c2abb1c67970.exe
Size

256KB
MD5

927001290e10da37d708c2abb1c67970
SHA1

8a179d2366083c18508f2ad706143f14a34dbb81
SHA256

8b3c07877b93ee9fcf545a91caf6354f0ec2c3609205ff82e5a2fb5a87a1f94d
SHA512

f6e608ccbd0b21348168d7f8db7cae568776ef084bcec3476e19bcdcac949f8a2ed7c65c7302bc1b1c12da387e05737b381155684848f890a4c55ba3969c760c
SSDEEP

3072:fC6xRyfFP0o35cc+rp3OUz0TWM1dQrTOwZtFKn:fC6xRydsS+JN+M9Zi

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2132	2144	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 2132	2144	NEAS.927001290e10da37d708c2abb1c67970.exe	16
PID 2144 wrote to memory of 2132	2144	NEAS.927001290e10da37d708c2abb1c67970.exe	16
PID 2144 wrote to memory of 2132	2144	NEAS.927001290e10da37d708c2abb1c67970.exe	16
PID 2144 wrote to memory of 2132	2144	NEAS.927001290e10da37d708c2abb1c67970.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 36
1⤵
- Program crash
PID:2132

C:\Users\Admin\AppData\Local\Temp\NEAS.927001290e10da37d708c2abb1c67970.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.927001290e10da37d708c2abb1c67970.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2144-0-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download