713ee2ccfd01affa33e97b1d4b0a317831810bf69432293329e7a6dea8a238b4

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
11/11/2023, 13:52

Target

NEAS.bf157c1efa267f53fafedece4e9059d0.exe
Size

212KB
MD5

bf157c1efa267f53fafedece4e9059d0
SHA1

bfd9e45cb800c9cf464b55fef1e47e4412302efa
SHA256

713ee2ccfd01affa33e97b1d4b0a317831810bf69432293329e7a6dea8a238b4
SHA512

703907efa317d722ee9c6c8d0fd60cdcac59b686b595e9ddfeabab6b53f7ab763b99fc8ff9bc617f7bd714faf1c776e7d920160afa99dcdb8fb212f234a7b2ef
SSDEEP

1536:3UDRi9T5sJdi9bxHNr2pnx6KaUuP6iuwJRFROWLbiHW:38RinudiP52xx67lLdh1iHW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2884	2888	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2884	2888	NEAS.bf157c1efa267f53fafedece4e9059d0.exe	28
PID 2888 wrote to memory of 2884	2888	NEAS.bf157c1efa267f53fafedece4e9059d0.exe	28
PID 2888 wrote to memory of 2884	2888	NEAS.bf157c1efa267f53fafedece4e9059d0.exe	28
PID 2888 wrote to memory of 2884	2888	NEAS.bf157c1efa267f53fafedece4e9059d0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.bf157c1efa267f53fafedece4e9059d0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.bf157c1efa267f53fafedece4e9059d0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 36
  2⤵
  - Program crash
  PID:2884

memory/2888-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download