5e3410ee4715da1120a0e3811f340c5def1e6dff2ca58eb74e4cc593389bff9f

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
03-11-2023 12:30

Target

NEAS.fceae66e3fa84e737de318c30cd8a6f0.exe
Size

409KB
MD5

fceae66e3fa84e737de318c30cd8a6f0
SHA1

776773c5ded4e72c14fbb1e902fa623a150d7d88
SHA256

5e3410ee4715da1120a0e3811f340c5def1e6dff2ca58eb74e4cc593389bff9f
SHA512

577c1da62195e7a71df15393493f2dafc41e103adb08bf24cf8d3f93e4c34167686fa2fc5d58c43344f854bc3839264e4ad159c6d4dd3e7eda00a55028bb269a
SSDEEP

6144:L0rqjuDmZ0WdRcm4FmowdHoSuNZgZ0Wd/OWdPS2LStOshOWdPS2Ln:7uo14wFHoS/F5fC5L

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1816	2104	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 1816	2104	NEAS.fceae66e3fa84e737de318c30cd8a6f0.exe	28
PID 2104 wrote to memory of 1816	2104	NEAS.fceae66e3fa84e737de318c30cd8a6f0.exe	28
PID 2104 wrote to memory of 1816	2104	NEAS.fceae66e3fa84e737de318c30cd8a6f0.exe	28
PID 2104 wrote to memory of 1816	2104	NEAS.fceae66e3fa84e737de318c30cd8a6f0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.fceae66e3fa84e737de318c30cd8a6f0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.fceae66e3fa84e737de318c30cd8a6f0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 140
  2⤵
  - Program crash
  PID:1816

memory/2104-0-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2104-9-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download