728fe529e366889586ee8404f39075f7f0e752efd52c2fee5a92d5ce45c1bb76 | Triage

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
07/11/2023, 20:19

Sharing

Report Analysis Logs

General

Target

NEAS.a01b2adbc66dd13ee2b18b5b77610dc0.exe
Size

1.5MB
MD5

a01b2adbc66dd13ee2b18b5b77610dc0
SHA1

79cbdba30fdd3e5ca57197754937a9bed6229b60
SHA256

728fe529e366889586ee8404f39075f7f0e752efd52c2fee5a92d5ce45c1bb76
SHA512

54e6c55c7dabd5a993cdfbbebf3f459e4963c70ff12ef0cf15ea664c80c092fe8143a539cc1079d263f45346b9fcf8c244bc07e867fea906c540130279b6f6d2
SSDEEP

12288:ABAsu/1OsCzbT7YebtN2rMFpouF0/DD0:RMzEgNPFpoz/0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2296-0-0x0000000000400000-0x0000000000581000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2760	2296	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2760	2296	NEAS.a01b2adbc66dd13ee2b18b5b77610dc0.exe	27
PID 2296 wrote to memory of 2760	2296	NEAS.a01b2adbc66dd13ee2b18b5b77610dc0.exe	27
PID 2296 wrote to memory of 2760	2296	NEAS.a01b2adbc66dd13ee2b18b5b77610dc0.exe	27
PID 2296 wrote to memory of 2760	2296	NEAS.a01b2adbc66dd13ee2b18b5b77610dc0.exe	27

C:\Users\Admin\AppData\Local\Temp\NEAS.a01b2adbc66dd13ee2b18b5b77610dc0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.a01b2adbc66dd13ee2b18b5b77610dc0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 36
  2⤵
  - Program crash
  PID:2760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2296-0-0x0000000000400000-0x0000000000581000-memory.dmp

Filesize
1.5MB

Download