9726cf868f4626eed11ff62f2588ffe27b8ecfb694a5a702f99991594fabfb13 | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
04/11/2023, 09:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.006974e2f70bef6af8a3cdf7c3a133f0_JC.exe
Size

582KB
MD5

006974e2f70bef6af8a3cdf7c3a133f0
SHA1

580d7f12679f71e3634d9a09c9e1e5e659498273
SHA256

9726cf868f4626eed11ff62f2588ffe27b8ecfb694a5a702f99991594fabfb13
SHA512

f2fc77ff49df4ad846a53adeda82405000965a4a742dba3016b5490d5a14880eba6464cf9209396eea09df2927b4a08dee085e8cf2a6060b3b33fd4f84307a72
SSDEEP

12288:npHeP/7VZJlLFMPyd5RKdoDraxzNFqJWgh3:p+VZDnDexFqJWgh3

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2972	284	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 284 wrote to memory of 2972	284	NEAS.006974e2f70bef6af8a3cdf7c3a133f0_JC.exe	28
PID 284 wrote to memory of 2972	284	NEAS.006974e2f70bef6af8a3cdf7c3a133f0_JC.exe	28
PID 284 wrote to memory of 2972	284	NEAS.006974e2f70bef6af8a3cdf7c3a133f0_JC.exe	28
PID 284 wrote to memory of 2972	284	NEAS.006974e2f70bef6af8a3cdf7c3a133f0_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.006974e2f70bef6af8a3cdf7c3a133f0_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.006974e2f70bef6af8a3cdf7c3a133f0_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:284
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 160
  2⤵
  - Program crash
  PID:2972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/284-0-0x0000000000830000-0x000000000089B000-memory.dmp

Filesize
428KB

Download
memory/284-1-0x0000000000830000-0x000000000089B000-memory.dmp

Filesize
428KB

Download