252a80b49d4361e0ecfe8dbff501c360b1ad9d22462a3bd3fee4c15bd133f10a

Analysis

max time kernel
122s
max time network
137s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 16:42

Target

NEAS.37fa108a0c1a06cc0b318aa23f846070.exe
Size

63KB
MD5

37fa108a0c1a06cc0b318aa23f846070
SHA1

f3501edcc19c23a41ec1cc6e3bc6d4f6e2dcf99c
SHA256

252a80b49d4361e0ecfe8dbff501c360b1ad9d22462a3bd3fee4c15bd133f10a
SHA512

a2a6d3aabbf5c95bd877d3f0f9671abdb2b75350958e17f15d19dbb133b75e0ae1fdcc8d0a0566c083e5c7a35275d8eed9cfe2704aeb591b5439ff46c425caf9
SSDEEP

1536:r7tscn9dWDOHcwucvokwhHJjRrKPT9zrk/FYIAgYP:HthvOQc4vTwxf2b9zQbYP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1588	2732	WerFault.exe	4

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 1588	2732	NEAS.37fa108a0c1a06cc0b318aa23f846070.exe	28
PID 2732 wrote to memory of 1588	2732	NEAS.37fa108a0c1a06cc0b318aa23f846070.exe	28
PID 2732 wrote to memory of 1588	2732	NEAS.37fa108a0c1a06cc0b318aa23f846070.exe	28
PID 2732 wrote to memory of 1588	2732	NEAS.37fa108a0c1a06cc0b318aa23f846070.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.37fa108a0c1a06cc0b318aa23f846070.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.37fa108a0c1a06cc0b318aa23f846070.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 36
  2⤵
  - Program crash
  PID:1588

memory/2732-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2732-1-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download