5ce9ac637e9a021a520e9e6f4581e53373fb51770196685ec976d239f3015847

Analysis

max time kernel
141s
max time network
127s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 14:20

Target

NEAS.d222d7d88f3fab89e4d539f390caf340.exe
Size

2.0MB
MD5

d222d7d88f3fab89e4d539f390caf340
SHA1

c0e7b492b16385d57b4b89f79f72c76db6170f31
SHA256

5ce9ac637e9a021a520e9e6f4581e53373fb51770196685ec976d239f3015847
SHA512

29947a3dc68369a144082e3fb7c010ef106dade2d5dcd20bd2a6908174dfed2287b18c10c7a532f1d195e1e9189e79ab948bba83259f9cc9b6dbcaaeb33d078f
SSDEEP

24576:BcEu1U5R1SNfYex1t4dIJ0S7RtyXF5YrGbnXezEX9G86DunxWmAqaCmMTWmQrN6Z:BLJb+yXSsez547wN6J21YIuOY18TE+z

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2940	1196	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 2940	1196	NEAS.d222d7d88f3fab89e4d539f390caf340.exe	28
PID 1196 wrote to memory of 2940	1196	NEAS.d222d7d88f3fab89e4d539f390caf340.exe	28
PID 1196 wrote to memory of 2940	1196	NEAS.d222d7d88f3fab89e4d539f390caf340.exe	28
PID 1196 wrote to memory of 2940	1196	NEAS.d222d7d88f3fab89e4d539f390caf340.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.d222d7d88f3fab89e4d539f390caf340.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.d222d7d88f3fab89e4d539f390caf340.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 320
  2⤵
  - Program crash
  PID:2940

memory/1196-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1196-1-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/1196-2-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download