a1918a6cf7ceda26026b0fc440d8890e2c8403c7aa39672eae73ed85f5cc03a3

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 16:50

Target

NEAS.d059c4e6de47471834916cfb72d99b90.exe
Size

642KB
MD5

d059c4e6de47471834916cfb72d99b90
SHA1

32d512df56d4c87bbbee37a62c04f729214f876c
SHA256

a1918a6cf7ceda26026b0fc440d8890e2c8403c7aa39672eae73ed85f5cc03a3
SHA512

2b5600cdbbca135fe7e392b090d8fc826c4a299ca72cac226c8609c0936ca168cbe61e914e712e1c554a316f90c83b844f8b56d08d4a031575cdba80ac2a4375
SSDEEP

6144:wqDAwl0xPTMiR9JSSxPUKPdodHheV/Hwz4zmpPNipd5sFPkJ8c:w+67XR9JSSxvPdodHhIHufPNa5oP48c

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2140	2016	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 2140	2016	NEAS.d059c4e6de47471834916cfb72d99b90.exe	28
PID 2016 wrote to memory of 2140	2016	NEAS.d059c4e6de47471834916cfb72d99b90.exe	28
PID 2016 wrote to memory of 2140	2016	NEAS.d059c4e6de47471834916cfb72d99b90.exe	28
PID 2016 wrote to memory of 2140	2016	NEAS.d059c4e6de47471834916cfb72d99b90.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.d059c4e6de47471834916cfb72d99b90.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.d059c4e6de47471834916cfb72d99b90.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 36
  2⤵
  - Program crash
  PID:2140