0379b53b54d4e83b4ae82ba3516434c48e3764cb9229378ec22b5d0d4459f970 | Triage

Analysis

max time kernel
122s
max time network
135s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 14:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.d851704e6e0919a7f4b6c8a8c0241e70.exe
Size

212KB
MD5

d851704e6e0919a7f4b6c8a8c0241e70
SHA1

9efa0e1c863e0e82daa978f882965acc4f699f3d
SHA256

0379b53b54d4e83b4ae82ba3516434c48e3764cb9229378ec22b5d0d4459f970
SHA512

488c247284067252e8237673ffb77506ad430d130c6d049fd0c2e6212bd4b7736d941a2619a56033d7a973b9472cb28418a7b9746363cdf89534e812f9b65a81
SSDEEP

1536:O7wPh0lvoO6e3sJ4ntkS8LXFkT8RQqR/R:nSl96e8qtkHC8eqV

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2208	2092	WerFault.exe	17

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2208	2092	NEAS.d851704e6e0919a7f4b6c8a8c0241e70.exe	28
PID 2092 wrote to memory of 2208	2092	NEAS.d851704e6e0919a7f4b6c8a8c0241e70.exe	28
PID 2092 wrote to memory of 2208	2092	NEAS.d851704e6e0919a7f4b6c8a8c0241e70.exe	28
PID 2092 wrote to memory of 2208	2092	NEAS.d851704e6e0919a7f4b6c8a8c0241e70.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.d851704e6e0919a7f4b6c8a8c0241e70.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.d851704e6e0919a7f4b6c8a8c0241e70.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 36
  2⤵
  - Program crash
  PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2092-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download