abff905f206de9b75d9477cf2f93f659f39251a0e23958b499a1e0932109d838

Analysis

max time kernel
117s
max time network
145s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
03/11/2023, 09:45

Target

NEAS.58253dec5d47bb9932bdb3b214962af0.exe
Size

204KB
MD5

58253dec5d47bb9932bdb3b214962af0
SHA1

2020a1041ac9be3a06807585c10b4c1f1fb8afa4
SHA256

abff905f206de9b75d9477cf2f93f659f39251a0e23958b499a1e0932109d838
SHA512

365e75455df5ea7ec67fa2b0921a00b74f7f7844e4c33c109abf54206d3d949c22f18dea0969764ed32eeee13cff878060210888b15b5cc5eaf3b580e6f95e95
SSDEEP

768:bWYl144FI1YYn/lmR++msSu3K7QWi5WILebwNyHSV99RIKMb/1H5fGfXdnhg:bW34axlmR+++u32XtpbwQyLIvM

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2664	2608	WerFault.exe	28

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 2664	2608	NEAS.58253dec5d47bb9932bdb3b214962af0.exe	29
PID 2608 wrote to memory of 2664	2608	NEAS.58253dec5d47bb9932bdb3b214962af0.exe	29
PID 2608 wrote to memory of 2664	2608	NEAS.58253dec5d47bb9932bdb3b214962af0.exe	29
PID 2608 wrote to memory of 2664	2608	NEAS.58253dec5d47bb9932bdb3b214962af0.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.58253dec5d47bb9932bdb3b214962af0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.58253dec5d47bb9932bdb3b214962af0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 36
  2⤵
  - Program crash
  PID:2664

memory/2608-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download