1b9f34e9d45a8d8bc976c2bf8200632f526e6f271df5965428503a400444b512

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
05-11-2023 06:02

Target

NEAS.d1dd4690fbd78547eb0db4c26ab38030_JC.exe
Size

184KB
MD5

d1dd4690fbd78547eb0db4c26ab38030
SHA1

630c2cb3c5cc2097390d0471542c9b37a8802055
SHA256

1b9f34e9d45a8d8bc976c2bf8200632f526e6f271df5965428503a400444b512
SHA512

2ee298c0ffc1231682fa5751de4d73e9e1307ffb93693722014c5ad6679bb9573cc44a0324af323e94ca49418c9930af151e99ebb3ce51b78f3dc7fae23f35d9
SSDEEP

3072:jmKm63onpkO6+d4BTs8Yzb2Kqlvnqwvius:jmOoa64ByzyKqlPqwviu

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2824	2096	WerFault.exe	27

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2096	NEAS.d1dd4690fbd78547eb0db4c26ab38030_JC.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2824	2096	NEAS.d1dd4690fbd78547eb0db4c26ab38030_JC.exe	28
PID 2096 wrote to memory of 2824	2096	NEAS.d1dd4690fbd78547eb0db4c26ab38030_JC.exe	28
PID 2096 wrote to memory of 2824	2096	NEAS.d1dd4690fbd78547eb0db4c26ab38030_JC.exe	28
PID 2096 wrote to memory of 2824	2096	NEAS.d1dd4690fbd78547eb0db4c26ab38030_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.d1dd4690fbd78547eb0db4c26ab38030_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.d1dd4690fbd78547eb0db4c26ab38030_JC.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
  2⤵
  - Program crash
  PID:2824