1480b4f94fc4cc535a615d3a05bc658815b808f041c34b32940e88725a7f8840

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 16:45

Target

NEAS.8be1cf00ea7c9659a4a30f046a79a7b0.exe
Size

208KB
MD5

8be1cf00ea7c9659a4a30f046a79a7b0
SHA1

c09cf72c02ac15f9f59bbc113271789985a2bc78
SHA256

1480b4f94fc4cc535a615d3a05bc658815b808f041c34b32940e88725a7f8840
SHA512

13e21a5544f49d94091691a96b115fc1321b65bb4a371c3e085e6a831c6d6633489640f9057e16a28671190477de4c384e3258d37c5266bf9430b6a8e0163ae7
SSDEEP

1536:fUDRi9T5sJdi9bxHNr2pnx6KaUuP6iuwJRFLOWL9iHW:f8RinudiP52xx67lLdh9iHW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2804	2160	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2804	2160	NEAS.8be1cf00ea7c9659a4a30f046a79a7b0.exe	28
PID 2160 wrote to memory of 2804	2160	NEAS.8be1cf00ea7c9659a4a30f046a79a7b0.exe	28
PID 2160 wrote to memory of 2804	2160	NEAS.8be1cf00ea7c9659a4a30f046a79a7b0.exe	28
PID 2160 wrote to memory of 2804	2160	NEAS.8be1cf00ea7c9659a4a30f046a79a7b0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.8be1cf00ea7c9659a4a30f046a79a7b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.8be1cf00ea7c9659a4a30f046a79a7b0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 36
  2⤵
  - Program crash
  PID:2804

memory/2160-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download