a1ae07b63e085b57da42aad09a9387e0688086322889377e7017eaad08a64c3d

Analysis

max time kernel
122s
max time network
142s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
02-11-2023 19:35

Target

NEAS.346846185f31321e661c5c40a68918b0.exe
Size

264KB
MD5

346846185f31321e661c5c40a68918b0
SHA1

86ad3956d7ea0887e2df75a65adc4f464baeb0c0
SHA256

a1ae07b63e085b57da42aad09a9387e0688086322889377e7017eaad08a64c3d
SHA512

a0508d41c44916e2d0ef54c29d34ad05606987b3971095e6a048b633a2f4fc844053a809380b43f3b9582956217e09a29f81b21d8e9917ceb15757c1a9aae4ab
SSDEEP

3072:MDciPb8vZBusvO3BlzQlSVDd1AZoUBW3FJeRuaWNX:cca8vZjO3h1dWZHEFJ7aWN

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2760	2136	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 2760	2136	NEAS.346846185f31321e661c5c40a68918b0.exe	28
PID 2136 wrote to memory of 2760	2136	NEAS.346846185f31321e661c5c40a68918b0.exe	28
PID 2136 wrote to memory of 2760	2136	NEAS.346846185f31321e661c5c40a68918b0.exe	28
PID 2136 wrote to memory of 2760	2136	NEAS.346846185f31321e661c5c40a68918b0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.346846185f31321e661c5c40a68918b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.346846185f31321e661c5c40a68918b0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 36
  2⤵
  - Program crash
  PID:2760

memory/2136-0-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download