9c0049df8cc5ec9912f07b6460dac164c8e916c3cdaa3d7fa91cbac288e7b47a

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
02-11-2023 16:46

Target

NEAS.9790d2ab06f6111379806d7b6a243800.exe
Size

284KB
MD5

9790d2ab06f6111379806d7b6a243800
SHA1

ce02c8fd36cdb0e828b4835a75f75ae1a534ce58
SHA256

9c0049df8cc5ec9912f07b6460dac164c8e916c3cdaa3d7fa91cbac288e7b47a
SHA512

fd240369feb9bb6122298afba2e81f4af36544db7e8075aed725fbfa857234d9076519ce9ab37678c4fd43cbbe57773ba51b25b9f881312d62ae5662a9bc471a
SSDEEP

3072:M8RinudiP52xx67lLdhviHCcd1WdTCn93OGey/ZhJakrP:5kgiPA6Rf9ceTCndOGeKTa

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1680	2040	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 1680	2040	NEAS.9790d2ab06f6111379806d7b6a243800.exe	28
PID 2040 wrote to memory of 1680	2040	NEAS.9790d2ab06f6111379806d7b6a243800.exe	28
PID 2040 wrote to memory of 1680	2040	NEAS.9790d2ab06f6111379806d7b6a243800.exe	28
PID 2040 wrote to memory of 1680	2040	NEAS.9790d2ab06f6111379806d7b6a243800.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.9790d2ab06f6111379806d7b6a243800.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.9790d2ab06f6111379806d7b6a243800.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 36
  2⤵
  - Program crash
  PID:1680

memory/2040-0-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download