b951de77b778a0178efd0d6afd377bdc864cde728cacb0e57bfe93ea90dc601d

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
03/11/2023, 13:05

Target

NEAS.02a28e806fbfa4cecc15ce254d7c9f20.exe
Size

204KB
MD5

02a28e806fbfa4cecc15ce254d7c9f20
SHA1

64a3bbdd766c0ad7ba04b52ee71a7616f398a796
SHA256

b951de77b778a0178efd0d6afd377bdc864cde728cacb0e57bfe93ea90dc601d
SHA512

cdb3e79c241681b663c3468a0eb133f453d37e190a17e15cc86daaeb78fcb15e86e5295bbc022cf7af6bdc5b1f308ad48162e9a54db9bb54bfbba9cec91ea4ef
SSDEEP

768:DcZl1T/JKjL3IGNZT5K5BTeuXVEXkVPf8hswRr22p/1H5UXdnh:DM87IGV5K5BRVEXkp0hsk22LY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1460	2108	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 1460	2108	NEAS.02a28e806fbfa4cecc15ce254d7c9f20.exe	28
PID 2108 wrote to memory of 1460	2108	NEAS.02a28e806fbfa4cecc15ce254d7c9f20.exe	28
PID 2108 wrote to memory of 1460	2108	NEAS.02a28e806fbfa4cecc15ce254d7c9f20.exe	28
PID 2108 wrote to memory of 1460	2108	NEAS.02a28e806fbfa4cecc15ce254d7c9f20.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.02a28e806fbfa4cecc15ce254d7c9f20.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.02a28e806fbfa4cecc15ce254d7c9f20.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 36
  2⤵
  - Program crash
  PID:1460

memory/2108-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download