ea124aa7a0a115bf113ba68b91795d4dd72df9f67ace091b809b41ab3b6e4a07

Analysis

max time kernel
117s
max time network
126s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 16:43

Target

NEAS.531c38ef9eb7787222813e77d323e410.exe
Size

608KB
MD5

531c38ef9eb7787222813e77d323e410
SHA1

8143314e3ab7f36e4dbbc3c61f5932ac091e0cfe
SHA256

ea124aa7a0a115bf113ba68b91795d4dd72df9f67ace091b809b41ab3b6e4a07
SHA512

28979294aa2a2e72f9eb584f1e22609eefdc400401c0c053b0811ee897d3e1fc4383890943437c5296b86e0d36eb22470098638abc6e03be5534b371439c1bd6
SSDEEP

3072:N6yjuBAS1S8JMMiKApnj2YiOjxT8Tr+88m+V8tF0IxIT08oM+CZUbbpscQ8hjjk:6GS1LJMPpmOlM8m+VYF0OGF9jUScr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2364	2220	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2364	2220	NEAS.531c38ef9eb7787222813e77d323e410.exe	28
PID 2220 wrote to memory of 2364	2220	NEAS.531c38ef9eb7787222813e77d323e410.exe	28
PID 2220 wrote to memory of 2364	2220	NEAS.531c38ef9eb7787222813e77d323e410.exe	28
PID 2220 wrote to memory of 2364	2220	NEAS.531c38ef9eb7787222813e77d323e410.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.531c38ef9eb7787222813e77d323e410.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.531c38ef9eb7787222813e77d323e410.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 36
  2⤵
  - Program crash
  PID:2364