44e848775b44e525c8768daea2a7f7d2c1c00c67eb4936553ccee570bc521689

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
04/11/2023, 07:49

Target

NEAS.90e32b2a058a7f70c2eec4904e4c6120.exe
Size

208KB
MD5

90e32b2a058a7f70c2eec4904e4c6120
SHA1

aee073b1af06ef743d7062da205f20375bbeaec5
SHA256

44e848775b44e525c8768daea2a7f7d2c1c00c67eb4936553ccee570bc521689
SHA512

548544ee415ac82a248f32a616fd63456ab7384a682fbcc8fadb6a96464692c7e198f7d1fb389c41181f802011882889632f9cf1327ea586876cf06b2e6ed68d
SSDEEP

768:n6cPsAifwZJ0cZGUk6vJOBdhqm2PeaiBWJQekfXsU02p/1H5FXdnh:6ccYH/Gnc+hmlJQekv702Lh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2016	1404	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 2016	1404	NEAS.90e32b2a058a7f70c2eec4904e4c6120.exe	28
PID 1404 wrote to memory of 2016	1404	NEAS.90e32b2a058a7f70c2eec4904e4c6120.exe	28
PID 1404 wrote to memory of 2016	1404	NEAS.90e32b2a058a7f70c2eec4904e4c6120.exe	28
PID 1404 wrote to memory of 2016	1404	NEAS.90e32b2a058a7f70c2eec4904e4c6120.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.90e32b2a058a7f70c2eec4904e4c6120.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.90e32b2a058a7f70c2eec4904e4c6120.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 36
  2⤵
  - Program crash
  PID:2016

memory/1404-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download