2c48389bd84e0b236840cf7050fc6ce0d48f05855afd525828c031a009c3036a

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 04:11

Target

NEAS.2e101104cf89404cd4634ddb11270400.exe
Size

208KB
MD5

2e101104cf89404cd4634ddb11270400
SHA1

c2ddb7f772d97dbfdda73e1e8bc9b66acd2eb49e
SHA256

2c48389bd84e0b236840cf7050fc6ce0d48f05855afd525828c031a009c3036a
SHA512

f1789637f3bc3bc464e2070addbc7a83d1d1811067664cabf59589266470cc04cff2acadd2e1f10f019f99a8cb09863321c10bc64b6d679853633dc94883dc37
SSDEEP

768:Dp8wniENZqixHLE8fT0urVfRXip3lhDmJutU+4l/l/t89IencXMbMMzJvBCVr2p3:l8siKvDrQ1hDDacA8MMlvMT4Y/G

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1816	1676	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 1816	1676	NEAS.2e101104cf89404cd4634ddb11270400.exe	28
PID 1676 wrote to memory of 1816	1676	NEAS.2e101104cf89404cd4634ddb11270400.exe	28
PID 1676 wrote to memory of 1816	1676	NEAS.2e101104cf89404cd4634ddb11270400.exe	28
PID 1676 wrote to memory of 1816	1676	NEAS.2e101104cf89404cd4634ddb11270400.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.2e101104cf89404cd4634ddb11270400.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2e101104cf89404cd4634ddb11270400.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 36
  2⤵
  - Program crash
  PID:1816

memory/1676-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download