27900c678727b8303b5d100d5174bc52530bca845330c736e4c1395dc8302804

Analysis

max time kernel
119s
max time network
130s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
11-11-2023 14:13

Target

NEAS.9450f151312a5191cdb629e33c2a8a60.exe
Size

260KB
MD5

9450f151312a5191cdb629e33c2a8a60
SHA1

4ac0f90e3db9618dd2785caa9e9c81fc4e34bce5
SHA256

27900c678727b8303b5d100d5174bc52530bca845330c736e4c1395dc8302804
SHA512

2c68b580c71e9e94c9e62c0f934432bd7aa83c0308424d08ea4864f069f51fae46d46bf2be1df01a84f0dc9481b8772b5214920611d9fb64bfd04c7bb4ce8662
SSDEEP

1536:LccYH/Gnc+hmlJQekwXq2L7+pm6+wDSmQFN6TiN1sJtvQ:NYt7QekwX3Spm6tm7N6TO1Sp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2964	2420	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2964	2420	NEAS.9450f151312a5191cdb629e33c2a8a60.exe	28
PID 2420 wrote to memory of 2964	2420	NEAS.9450f151312a5191cdb629e33c2a8a60.exe	28
PID 2420 wrote to memory of 2964	2420	NEAS.9450f151312a5191cdb629e33c2a8a60.exe	28
PID 2420 wrote to memory of 2964	2420	NEAS.9450f151312a5191cdb629e33c2a8a60.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.9450f151312a5191cdb629e33c2a8a60.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.9450f151312a5191cdb629e33c2a8a60.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 36
  2⤵
  - Program crash
  PID:2964

memory/2420-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download