02dc748037f9ca23c9841962bdb692ede7a12214e49076ebb251423f95772bd3

Analysis

max time kernel
120s
max time network
137s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 15:33

Target

NEAS.d292fac9e698a1b7c29c7cb920677f20_JC.exe
Size

72KB
MD5

d292fac9e698a1b7c29c7cb920677f20
SHA1

8df3218bc4f1a23e9bc9cd7b7653d996b459b12c
SHA256

02dc748037f9ca23c9841962bdb692ede7a12214e49076ebb251423f95772bd3
SHA512

b2456eeb0334e04820c77057dad8f4c68e6175792d096fb402c9c6c5b98503a46ba5f8dcc6800078b4c7b587ebfc6f0b7af0671c0524e473548bdb363b22ef32
SSDEEP

768:Ktw5IkTQ8p0uc2CqNfQ43g2wp2ZZfDssNPFWmlDjY/O2vjrIFbc11hgbuPMBv0cF:ZICQ8pzcOZxouNWmlDjixObcracM9k

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1060	2232	WerFault.exe	18

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 1060	2232	NEAS.d292fac9e698a1b7c29c7cb920677f20_JC.exe	28
PID 2232 wrote to memory of 1060	2232	NEAS.d292fac9e698a1b7c29c7cb920677f20_JC.exe	28
PID 2232 wrote to memory of 1060	2232	NEAS.d292fac9e698a1b7c29c7cb920677f20_JC.exe	28
PID 2232 wrote to memory of 1060	2232	NEAS.d292fac9e698a1b7c29c7cb920677f20_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.d292fac9e698a1b7c29c7cb920677f20_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.d292fac9e698a1b7c29c7cb920677f20_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 36
  2⤵
  - Program crash
  PID:1060

memory/2232-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download