85e04fcb9fdfb7efe5b54a55171983a8b202bbcc56d70b5b7b06a60e1f70086a

Analysis

max time kernel
118s
max time network
137s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 19:56

Target

NEAS.de1408a382b09a26f5e66dfa63019500.exe
Size

256KB
MD5

de1408a382b09a26f5e66dfa63019500
SHA1

baa75205fecc17a65069370e4d3315a084ba79ae
SHA256

85e04fcb9fdfb7efe5b54a55171983a8b202bbcc56d70b5b7b06a60e1f70086a
SHA512

f596149bfc21998d80d972d47ab57deac2a4df962ad99d1a9d8c395c912b554790886529be56f9025b3f1f75818311378229677bc647447a0f0587ef0211a8cb
SSDEEP

1536:3kBpGDet1SYuajYLWKJFjwNmLkixRQiRVRoRch1dROrwpOudRirVtFsrTpMGQYlL:3kvKtuhKJD3eiTWM1dQrTOwZtFKn

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2328	2304	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 2328	2304	NEAS.de1408a382b09a26f5e66dfa63019500.exe	28
PID 2304 wrote to memory of 2328	2304	NEAS.de1408a382b09a26f5e66dfa63019500.exe	28
PID 2304 wrote to memory of 2328	2304	NEAS.de1408a382b09a26f5e66dfa63019500.exe	28
PID 2304 wrote to memory of 2328	2304	NEAS.de1408a382b09a26f5e66dfa63019500.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.de1408a382b09a26f5e66dfa63019500.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.de1408a382b09a26f5e66dfa63019500.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 36
  2⤵
  - Program crash
  PID:2328

memory/2304-0-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download