0dbd2bb25c8c644eb2d4747bc17c749e5fbb5cfa4a560598531383874b438178

Analysis

max time kernel
121s
max time network
133s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
11/11/2023, 11:56

Target

NEAS.37f013c31624bf13b8d17dd121821c10.exe
Size

284KB
MD5

37f013c31624bf13b8d17dd121821c10
SHA1

2c83f375599120f4a6d93dce07a6c119d9c57523
SHA256

0dbd2bb25c8c644eb2d4747bc17c749e5fbb5cfa4a560598531383874b438178
SHA512

a80881f68393aec5ebe185e8d276ea41c81cdc8e1de83bd628966153a57492e7a0d2173024f7640bd4e9852b1414a02db9e74c194d8eb19139a3b6b7e8fbaecf
SSDEEP

3072:9yWC07DDH79msEocX1WdTCn93OGey/ZhJakrP:JC0fr7ssEocoTCndOGeKTa

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2032	2204	WerFault.exe	20

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2032	2204	NEAS.37f013c31624bf13b8d17dd121821c10.exe	28
PID 2204 wrote to memory of 2032	2204	NEAS.37f013c31624bf13b8d17dd121821c10.exe	28
PID 2204 wrote to memory of 2032	2204	NEAS.37f013c31624bf13b8d17dd121821c10.exe	28
PID 2204 wrote to memory of 2032	2204	NEAS.37f013c31624bf13b8d17dd121821c10.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.37f013c31624bf13b8d17dd121821c10.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.37f013c31624bf13b8d17dd121821c10.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 36
  2⤵
  - Program crash
  PID:2032

memory/2204-0-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download