ed504c21aea5ffbc90016735c8ef7b02c31e2bc6ba6b2df1015c19474b6370ec

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
28/10/2023, 18:05

Target

NEAS.2ceddb89e81c94e2523b9b31badada40.exe
Size

224KB
MD5

2ceddb89e81c94e2523b9b31badada40
SHA1

ae28097b0c196cff8f24384fab14f1f399f384b1
SHA256

ed504c21aea5ffbc90016735c8ef7b02c31e2bc6ba6b2df1015c19474b6370ec
SHA512

0afdb5aa4de3d7f38be491c56c54ef7a3fc31dbe98012188727a57a51f21fcc0b16571f566db808452052302e971b866cb05396ed55e6509a1dd5822856b7e1b
SSDEEP

768:hDApAJmxwUh6zO5g7Wfb8BvTRbdUE6Sijv7xCIBXDjX/1H51Xdnhgh:BsASwKScoNSLDhxP9NY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1272	2068	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 1272	2068	NEAS.2ceddb89e81c94e2523b9b31badada40.exe	28
PID 2068 wrote to memory of 1272	2068	NEAS.2ceddb89e81c94e2523b9b31badada40.exe	28
PID 2068 wrote to memory of 1272	2068	NEAS.2ceddb89e81c94e2523b9b31badada40.exe	28
PID 2068 wrote to memory of 1272	2068	NEAS.2ceddb89e81c94e2523b9b31badada40.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.2ceddb89e81c94e2523b9b31badada40.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2ceddb89e81c94e2523b9b31badada40.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 36
  2⤵
  - Program crash
  PID:1272

memory/2068-0-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download