92df0d0428c2ad155bff29b4ba0e2937d91cef8586a44ef35715840baeccf376

Analysis

max time kernel
167s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
02/11/2023, 19:58

Target

NEAS.75e25d1fec29b20996201c8e916ac900.exe
Size

212KB
MD5

75e25d1fec29b20996201c8e916ac900
SHA1

fd126e174bc68a5fb6f136f24053fac68c8bcce1
SHA256

92df0d0428c2ad155bff29b4ba0e2937d91cef8586a44ef35715840baeccf376
SHA512

0d7a2bf892cedc026e40f2d81481795cdcd1baebb5acccfe23652e7420d246504858c29ca19a70e3d7f2c22d27d2777541dc386fd6df8a00d331e1812d3ddcfb
SSDEEP

768:ptkB/Fe+6iIZ/wKWmpoD95HcBWcMjEAI5AHb1oocoooooooooooooowooooooohr:vkB/d6X/q1D95JcMVuYmo

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3136	2852	WerFault.exe	86
5084	2852	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 3136	2852	NEAS.75e25d1fec29b20996201c8e916ac900.exe	93
PID 2852 wrote to memory of 3136	2852	NEAS.75e25d1fec29b20996201c8e916ac900.exe	93
PID 2852 wrote to memory of 3136	2852	NEAS.75e25d1fec29b20996201c8e916ac900.exe	93

C:\Users\Admin\AppData\Local\Temp\NEAS.75e25d1fec29b20996201c8e916ac900.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.75e25d1fec29b20996201c8e916ac900.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 192
  2⤵
  - Program crash
  PID:3136
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 192
  2⤵
  - Program crash
  PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2852 -ip 2852
1⤵
PID:1832

memory/2852-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download