Analysis
max time kernel: 122s
max time network: 126s
platform: windows7_x64
resource: win7-20231020-en
resource tags: arch:x64 arch:x86 image:win7-20231020-en locale:en-us os:windows7-x64 system
submitted: 23/10/2023, 18:16
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
NEAS.ccd3d1ec6d5b5723225b7d0c6488de099b2b22c5b70bc1c521c148160f5997ccexe_JC.exe
Resource
win7-20231020-en
2 signatures
150 seconds
General
Target: NEAS.ccd3d1ec6d5b5723225b7d0c6488de099b2b22c5b70bc1c521c148160f5997ccexe_JC.exe
Size: 593KB
MD5: 010c9d1a915b7550181014f34ed12a80
SHA1: 687bb9aa1047c3d19e76570e130d5efe76a9a336
SHA256: ccd3d1ec6d5b5723225b7d0c6488de099b2b22c5b70bc1c521c148160f5997cc
SHA512: 2f15d87d03e3e2c6d007ae4668c294094eb6e570532eb596fa8d5955d857198c2ee7789ff72eb4928ace201cc6f4e5b183e15d076235948df27647af3732c5ae
SSDEEP: 12288:2OW1vjJGGna1q5IscdEjcdja5VySGJE6awd6jQH171BFM2AYOMgKqhxgyVMwl1:2OW1LJ1na1Or0E4dj4+Ei/BFMlRMgt4M
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
pid | pid_target | Process | procid_target
2440 | 2380 | WerFault.exe | 27
Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2380 wrote to memory of 2440 | 2380 | NEAS.ccd3d1ec6d5b5723225b7d0c6488de099b2b22c5b70bc1c521c148160f5997ccexe_JC.exe | 28
PID 2380 wrote to memory of 2440 | 2380 | NEAS.ccd3d1ec6d5b5723225b7d0c6488de099b2b22c5b70bc1c521c148160f5997ccexe_JC.exe | 28
PID 2380 wrote to memory of 2440 | 2380 | NEAS.ccd3d1ec6d5b5723225b7d0c6488de099b2b22c5b70bc1c521c148160f5997ccexe_JC.exe | 28
PID 2380 wrote to memory of 2440 | 2380 | NEAS.ccd3d1ec6d5b5723225b7d0c6488de099b2b22c5b70bc1c521c148160f5997ccexe_JC.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\NEAS.ccd3d1ec6d5b5723225b7d0c6488de099b2b22c5b70bc1c521c148160f5997ccexe_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ccd3d1ec6d5b5723225b7d0c6488de099b2b22c5b70bc1c521c148160f5997ccexe_JC.exe"
  - Suspicious use of WriteProcessMemory
  PID:2380
  C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 668
    - Program crash
    PID:2440