15f543642fa0d55ab3b3814422de88cf31156efddb84c99ef7487484c852cffe

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 14:34

Target

NEAS.cf7d9beb7c6aad1194b278e25bc03b20.exe
Size

260KB
MD5

cf7d9beb7c6aad1194b278e25bc03b20
SHA1

8ad2e7b8583142ae8b38b03a07e622f3f67dd9fa
SHA256

15f543642fa0d55ab3b3814422de88cf31156efddb84c99ef7487484c852cffe
SHA512

360af009782cdc78a7cd6f133404b3e77aa6d81d7e85b72987eeb81ccac0eaadb2fdada006ea127f36081933cecc3b7075f0591a0274ba8ad7bd374ab583651a
SSDEEP

1536:Q5EBWDbBp8AYvB8B4STzPhGJ+aPvBsqlkpOM6bOLXi8PmCofGV:Q5TvBp4vByPoQyL2pDrLXfzoeV

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2576	2064	WerFault.exe	24

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2576	2064	NEAS.cf7d9beb7c6aad1194b278e25bc03b20.exe	28
PID 2064 wrote to memory of 2576	2064	NEAS.cf7d9beb7c6aad1194b278e25bc03b20.exe	28
PID 2064 wrote to memory of 2576	2064	NEAS.cf7d9beb7c6aad1194b278e25bc03b20.exe	28
PID 2064 wrote to memory of 2576	2064	NEAS.cf7d9beb7c6aad1194b278e25bc03b20.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.cf7d9beb7c6aad1194b278e25bc03b20.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.cf7d9beb7c6aad1194b278e25bc03b20.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 36
  2⤵
  - Program crash
  PID:2576

memory/2064-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download