f3ba8f0ce4540f4495e16cfc5fdba19f1b3b90a40bd9fb1d44273bbc6f339748

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 14:10

Target

NEAS.65a6f6ab5b63de7f3ad8b4330fc847a0.exe
Size

252KB
MD5

65a6f6ab5b63de7f3ad8b4330fc847a0
SHA1

fb7452694666a8ca46e032de5365e9d28a060f0e
SHA256

f3ba8f0ce4540f4495e16cfc5fdba19f1b3b90a40bd9fb1d44273bbc6f339748
SHA512

3dda08ed184345ce6c2c7976a137c9e603ff69a8e34eef5c28825668f5e5870fcb1bc9ea5d45bb864b9c7eccb8cf7b44f73bb1ee9c15e2598606f8f63d3df932
SSDEEP

1536:hUFCmbY993toIE9RdR2xy1m+Lw8d/B0CMy0QiLiizHNQNd:hECmbi2IK2xvawY50CMyELiAHONd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
844	3064	WerFault.exe	18

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 844	3064	NEAS.65a6f6ab5b63de7f3ad8b4330fc847a0.exe	28
PID 3064 wrote to memory of 844	3064	NEAS.65a6f6ab5b63de7f3ad8b4330fc847a0.exe	28
PID 3064 wrote to memory of 844	3064	NEAS.65a6f6ab5b63de7f3ad8b4330fc847a0.exe	28
PID 3064 wrote to memory of 844	3064	NEAS.65a6f6ab5b63de7f3ad8b4330fc847a0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.65a6f6ab5b63de7f3ad8b4330fc847a0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.65a6f6ab5b63de7f3ad8b4330fc847a0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 36
  2⤵
  - Program crash
  PID:844

memory/3064-0-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download