aeff7d97df842d1fbf5f05bd09c48bdedab77afbfb2228c962c70c454bbf2035

Analysis

max time kernel
107s
max time network
42s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
07-11-2023 17:01

Target

NEAS.1cddd03c247d3992da574ce83c5433b0.exe
Size

232KB
MD5

1cddd03c247d3992da574ce83c5433b0
SHA1

97531f9e1633d4f9aa2fc5b67ea0b2b3f2647b7c
SHA256

aeff7d97df842d1fbf5f05bd09c48bdedab77afbfb2228c962c70c454bbf2035
SHA512

562aafa2a7e5106e0f592beca22878533ea20b3d7104e5420cad3de4d54c2c17a4454ff5f5179f7c32dc730ba0de90a1781dbfa40129677a34348e837aee2871
SSDEEP

384:ZXWOs74sdmFxUFda+aUmeeUclnasS+ML629n07O3g+VW9ZJmPyC4Q86pZyyzxMcV:sE0Fd6U6ny+5HWgEW44ipdlMcBc7ru

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2748	2652	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2748	2652	NEAS.1cddd03c247d3992da574ce83c5433b0.exe	29
PID 2652 wrote to memory of 2748	2652	NEAS.1cddd03c247d3992da574ce83c5433b0.exe	29
PID 2652 wrote to memory of 2748	2652	NEAS.1cddd03c247d3992da574ce83c5433b0.exe	29
PID 2652 wrote to memory of 2748	2652	NEAS.1cddd03c247d3992da574ce83c5433b0.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.1cddd03c247d3992da574ce83c5433b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.1cddd03c247d3992da574ce83c5433b0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 36
  2⤵
  - Program crash
  PID:2748

memory/2652-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2652-1-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download