602ece86ba534bff134265310875b4e351d74a2013623e466191a5902e644b1b

Analysis

max time kernel
116s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
31/10/2023, 08:55

Target

NEAS.81549dc21f1dd3591e141d45b5ae3980.exe
Size

1.3MB
MD5

81549dc21f1dd3591e141d45b5ae3980
SHA1

57ec52ab2326860f0ace320e15ad5007f71fed39
SHA256

602ece86ba534bff134265310875b4e351d74a2013623e466191a5902e644b1b
SHA512

6741bab1095a2fd90a52e76365aac2286d70858c3f58eafdc45ab1a457f335e68a4cb64e884702139d704ee18e371b4bac2200962afc4407249f7bbbfa15065c
SSDEEP

24576:MXaRicFDnikUa0BVdybnnavdZNVESwGMx8/J2zTfF:E6ikU0bnaTNVESGoJ2zTfF

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1888	2372	WerFault.exe	87
4380	2372	WerFault.exe	87

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2372	NEAS.81549dc21f1dd3591e141d45b5ae3980.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2372	NEAS.81549dc21f1dd3591e141d45b5ae3980.exe
2372	NEAS.81549dc21f1dd3591e141d45b5ae3980.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 1888	2372	NEAS.81549dc21f1dd3591e141d45b5ae3980.exe	106
PID 2372 wrote to memory of 1888	2372	NEAS.81549dc21f1dd3591e141d45b5ae3980.exe	106
PID 2372 wrote to memory of 1888	2372	NEAS.81549dc21f1dd3591e141d45b5ae3980.exe	106

C:\Users\Admin\AppData\Local\Temp\NEAS.81549dc21f1dd3591e141d45b5ae3980.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.81549dc21f1dd3591e141d45b5ae3980.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 1516
  2⤵
  - Program crash
  PID:1888
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 1516
  2⤵
  - Program crash
  PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2372 -ip 2372
1⤵
PID:3872

memory/2372-0-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2372-1-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2372-2-0x0000000002DE0000-0x0000000002DE2000-memory.dmp

Filesize
8KB

Download
memory/2372-5-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2372-6-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2372-7-0x0000000002DE0000-0x0000000002DE2000-memory.dmp

Filesize
8KB

Download
memory/2372-8-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2372-9-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2372-12-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download