94505a9e241828d6f8ba586ce8853f2e951628308c2c5a3d81f80d97568376d9

Analysis

max time kernel
120s
max time network
130s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
07/11/2023, 20:49

Target

NEAS.fe3af9d0d3de6aeac14cdbb5ad0879c0.exe
Size

228KB
MD5

fe3af9d0d3de6aeac14cdbb5ad0879c0
SHA1

d302846cef112601eddc8175cad05906932da784
SHA256

94505a9e241828d6f8ba586ce8853f2e951628308c2c5a3d81f80d97568376d9
SHA512

846b0c0a3d6de4f42a13d9784c2b09413303f82a20139201bd1f43764aaa386cece4bf0564e9ed7a74cd37d068c07ed7ae12ab7c219def3d159ffdf7c46d569d
SSDEEP

768:DEA+elap4nNM8+R6N5HzHa86fsWC/IrMkS8jx/1H5wT4XNEwQSF:D7+eltm8Y6jHO86s/IvVHS4Nc

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1148	2488	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 1148	2488	NEAS.fe3af9d0d3de6aeac14cdbb5ad0879c0.exe	28
PID 2488 wrote to memory of 1148	2488	NEAS.fe3af9d0d3de6aeac14cdbb5ad0879c0.exe	28
PID 2488 wrote to memory of 1148	2488	NEAS.fe3af9d0d3de6aeac14cdbb5ad0879c0.exe	28
PID 2488 wrote to memory of 1148	2488	NEAS.fe3af9d0d3de6aeac14cdbb5ad0879c0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.fe3af9d0d3de6aeac14cdbb5ad0879c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.fe3af9d0d3de6aeac14cdbb5ad0879c0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 36
  2⤵
  - Program crash
  PID:1148

memory/2488-0-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download