82341c9feb25aa0d36b7fe9af56d8e61aaaf1cf0e019e7c28a396987283ce6a9 | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 14:09

Sharing

Report Analysis Logs

General

Target

NEAS.5cdb301d0f8be8c516817c147e792a90.exe
Size

119KB
MD5

5cdb301d0f8be8c516817c147e792a90
SHA1

d24c693bb6d7b6c76549210adb276ef9543a273c
SHA256

82341c9feb25aa0d36b7fe9af56d8e61aaaf1cf0e019e7c28a396987283ce6a9
SHA512

6c8b001d943b762f1344d3c413f81baff678310e6b48125911dca2e4d00ebea18341f57db8093aee4340ed5511e6a2f74096b5714e867701b094255f8e8c75d0
SSDEEP

3072:6Zn/3Hyhcqit0eDaux+H5jLv1nZ0Rkf1lb+m4:iS+tZOwiLj11lg

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2968	2160	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2968	2160	NEAS.5cdb301d0f8be8c516817c147e792a90.exe	14
PID 2160 wrote to memory of 2968	2160	NEAS.5cdb301d0f8be8c516817c147e792a90.exe	14
PID 2160 wrote to memory of 2968	2160	NEAS.5cdb301d0f8be8c516817c147e792a90.exe	14
PID 2160 wrote to memory of 2968	2160	NEAS.5cdb301d0f8be8c516817c147e792a90.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 36
1⤵
- Program crash
PID:2968

C:\Users\Admin\AppData\Local\Temp\NEAS.5cdb301d0f8be8c516817c147e792a90.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.5cdb301d0f8be8c516817c147e792a90.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2160-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2160-1-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download