5ea6a03681b10b7c3c02644d562e7da14ce78b0dc77cc06a309f52638fdf0af6

Analysis

max time kernel
146s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
31/10/2023, 08:53

Target

NEAS.4fa2b7461c04ea8d4d214b7738f354b0.exe
Size

474KB
MD5

4fa2b7461c04ea8d4d214b7738f354b0
SHA1

5b0c0523417b9150b9e0086521ae91b42ca37f8a
SHA256

5ea6a03681b10b7c3c02644d562e7da14ce78b0dc77cc06a309f52638fdf0af6
SHA512

35de58bd7cdbd1a6f3e63717aafe35c81fe03437a699c74e4e621fe575b58e6556e7657c692594e8c741376f0e7a9314ea0c52861f5667b407e03b524586ce8a
SSDEEP

12288:a/x89frYgstcr1R2ydMQE5LJhNbeeE7xoD46mJvC7Q70xarj/rfE:CxKrY3tcr1R2ydMQULhbeeE7xoD46mJI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2692	1984	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2692	1984	NEAS.4fa2b7461c04ea8d4d214b7738f354b0.exe	27
PID 1984 wrote to memory of 2692	1984	NEAS.4fa2b7461c04ea8d4d214b7738f354b0.exe	27
PID 1984 wrote to memory of 2692	1984	NEAS.4fa2b7461c04ea8d4d214b7738f354b0.exe	27
PID 1984 wrote to memory of 2692	1984	NEAS.4fa2b7461c04ea8d4d214b7738f354b0.exe	27

C:\Users\Admin\AppData\Local\Temp\NEAS.4fa2b7461c04ea8d4d214b7738f354b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.4fa2b7461c04ea8d4d214b7738f354b0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 152
  2⤵
  - Program crash
  PID:2692

memory/1984-0-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1984-1-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download