090b6c45e6277efe400572a682227de2eb664b2b0f2ada9c98aff0fc1e91468c

Analysis

max time kernel
117s
max time network
150s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
28/10/2023, 19:59

Target

NEAS.a9d5f9052cf16c733fc5fdf366d25600.exe
Size

1.7MB
MD5

a9d5f9052cf16c733fc5fdf366d25600
SHA1

9e4449661dfdca43cb18471275ff52d2732db858
SHA256

090b6c45e6277efe400572a682227de2eb664b2b0f2ada9c98aff0fc1e91468c
SHA512

38b0fc1e9c3910687b8d5a660080c410e158f1f09982b67f4c8ff9aa39113de009d37ee33a760a9dfedd5cebee6de9ab8324928df5bad12e4d8ab3aa5e675cf8
SSDEEP

24576:6LMDJqW0wa/N6AJwXNfwyyixho5FYfHt1eJifM1U0qPWIXAkqI:6L40wZAyi+PqQGiTZPWIX

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2616	2660	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2616	2660	NEAS.a9d5f9052cf16c733fc5fdf366d25600.exe	29
PID 2660 wrote to memory of 2616	2660	NEAS.a9d5f9052cf16c733fc5fdf366d25600.exe	29
PID 2660 wrote to memory of 2616	2660	NEAS.a9d5f9052cf16c733fc5fdf366d25600.exe	29
PID 2660 wrote to memory of 2616	2660	NEAS.a9d5f9052cf16c733fc5fdf366d25600.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.a9d5f9052cf16c733fc5fdf366d25600.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.a9d5f9052cf16c733fc5fdf366d25600.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 664
  2⤵
  - Program crash
  PID:2616

memory/2660-0-0x0000000000120000-0x00000000002CE000-memory.dmp

Filesize
1.7MB

Download
memory/2660-1-0x0000000074E80000-0x000000007556E000-memory.dmp

Filesize
6.9MB

Download
memory/2660-2-0x0000000074E80000-0x000000007556E000-memory.dmp

Filesize
6.9MB

Download
memory/2660-3-0x0000000001FE0000-0x0000000002020000-memory.dmp

Filesize
256KB

Download
memory/2660-4-0x0000000001FE0000-0x0000000002020000-memory.dmp

Filesize
256KB

Download