5c061b42d068c7f8a7056cb4c38585aa8f23daaea4fc4a074a381b350574ab5d

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
28/10/2023, 19:54

Target

NEAS.5b2a08cce32c63c5b17c645a1d27bbc0.exe
Size

260KB
MD5

5b2a08cce32c63c5b17c645a1d27bbc0
SHA1

effbe77df12588559f42526088710be8dde36def
SHA256

5c061b42d068c7f8a7056cb4c38585aa8f23daaea4fc4a074a381b350574ab5d
SHA512

9675803dffd6a9d06a726cddb5d4b09b388861ca9595b4bbaa32121d55ad848e8f10b5bef9c50729ad3c4389fecb26d059b02cfafad9ebc379beae2d1e93c53d
SSDEEP

1536:ojzXF8CvrJ4PBhDP35RTSx37q2o5e1ux3vCGVC7ZNfA:Kh8k6DP3bex32XR3vA7ZNo

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3020	2932	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 3020	2932	NEAS.5b2a08cce32c63c5b17c645a1d27bbc0.exe	28
PID 2932 wrote to memory of 3020	2932	NEAS.5b2a08cce32c63c5b17c645a1d27bbc0.exe	28
PID 2932 wrote to memory of 3020	2932	NEAS.5b2a08cce32c63c5b17c645a1d27bbc0.exe	28
PID 2932 wrote to memory of 3020	2932	NEAS.5b2a08cce32c63c5b17c645a1d27bbc0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.5b2a08cce32c63c5b17c645a1d27bbc0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.5b2a08cce32c63c5b17c645a1d27bbc0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 36
  2⤵
  - Program crash
  PID:3020

memory/2932-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download