ecc09adc90681a8b98386c0d3433572ce768841ac2a10b2ed49ddc38de18b368 | Triage

Analysis

max time kernel
117s
max time network
134s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 13:55

Sharing

Report Analysis Logs

General

Target

NEAS.279d6f058418eaba533306e892ce21e0.exe
Size

272KB
MD5

279d6f058418eaba533306e892ce21e0
SHA1

adfa58734ac970cf6817b5f62cb4095eb14ab199
SHA256

ecc09adc90681a8b98386c0d3433572ce768841ac2a10b2ed49ddc38de18b368
SHA512

0479b8d483068e5b017f57c60bcd68792d7bad0ee8ac83b9dc222a42eae7f4d7151a142bad64dd2998c02dce583811ac12b92893775cc1c7c167a0b119261523
SSDEEP

3072:aFKO/+AN30XttofAEYw8asCHNhMXi6Y0HYSx:aFa20gIEY2xUS6U

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2228	1568	WerFault.exe	8

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 2228	1568	NEAS.279d6f058418eaba533306e892ce21e0.exe	28
PID 1568 wrote to memory of 2228	1568	NEAS.279d6f058418eaba533306e892ce21e0.exe	28
PID 1568 wrote to memory of 2228	1568	NEAS.279d6f058418eaba533306e892ce21e0.exe	28
PID 1568 wrote to memory of 2228	1568	NEAS.279d6f058418eaba533306e892ce21e0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.279d6f058418eaba533306e892ce21e0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.279d6f058418eaba533306e892ce21e0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 36
  2⤵
  - Program crash
  PID:2228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1568-0-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download