fc425c3114c68a43fd9094cfa858bc0918c393a04a25953840be92e8533208f9

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
11/11/2023, 12:53

Target

NEAS.b18d8e448bc077f42dff6aff7f2cf850.exe
Size

252KB
MD5

b18d8e448bc077f42dff6aff7f2cf850
SHA1

1e45ef212c22e3f5f60d3d6aadc28c33ab1b85c5
SHA256

fc425c3114c68a43fd9094cfa858bc0918c393a04a25953840be92e8533208f9
SHA512

97b27552d6b7a396070c28090011c3f51d1a3c99243adb1098205e209a54916f3a18bd1388c702b078e64c1e962a857e470fcf19894a352fd5b060c7f5654195
SSDEEP

3072:Rz6/zpPgXz+iq4aOhWIzQaEzKtm5MCMyELiAHONd:QbJgXNqZOhWI2zlKbBu

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2192	2120	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2192	2120	NEAS.b18d8e448bc077f42dff6aff7f2cf850.exe	19
PID 2120 wrote to memory of 2192	2120	NEAS.b18d8e448bc077f42dff6aff7f2cf850.exe	19
PID 2120 wrote to memory of 2192	2120	NEAS.b18d8e448bc077f42dff6aff7f2cf850.exe	19
PID 2120 wrote to memory of 2192	2120	NEAS.b18d8e448bc077f42dff6aff7f2cf850.exe	19

C:\Users\Admin\AppData\Local\Temp\NEAS.b18d8e448bc077f42dff6aff7f2cf850.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b18d8e448bc077f42dff6aff7f2cf850.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 36
  2⤵
  - Program crash
  PID:2192

memory/2120-0-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download