2dcf9190c0a55f197c21e6f53a2bccdd8579cbb8b95647bb17b0cc0c4ac3fa0a

Analysis

max time kernel
132s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
01/11/2023, 14:18

Target

NEAS.bb5afaa6e6e71b9409d80fe7e5221d90.exe
Size

260KB
MD5

bb5afaa6e6e71b9409d80fe7e5221d90
SHA1

e8a7542827c00c21280ebc4e7330d7c74d9f3770
SHA256

2dcf9190c0a55f197c21e6f53a2bccdd8579cbb8b95647bb17b0cc0c4ac3fa0a
SHA512

7e348287183c79c77c8905938003fed73bec58ba63407767dba4f6f1fccbad887ab091794ee10c1011868a57a2e4af8b9b93115ba7eaccb8b58d1c091d8c4d68
SSDEEP

1536:24I4EBK4zCZolnsVd57RrIc2L77pm6+wDSmQFN6TiN1sJtvQ:P0zC6lnsJJIVfpm6tm7N6TO1Sp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1120	2956	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 1120	2956	NEAS.bb5afaa6e6e71b9409d80fe7e5221d90.exe	94
PID 2956 wrote to memory of 1120	2956	NEAS.bb5afaa6e6e71b9409d80fe7e5221d90.exe	94
PID 2956 wrote to memory of 1120	2956	NEAS.bb5afaa6e6e71b9409d80fe7e5221d90.exe	94

C:\Users\Admin\AppData\Local\Temp\NEAS.bb5afaa6e6e71b9409d80fe7e5221d90.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.bb5afaa6e6e71b9409d80fe7e5221d90.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 224
  2⤵
  - Program crash
  PID:1120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2956 -ip 2956
1⤵
PID:860

memory/2956-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download