2c21330f8e22ca111df5236516eced3527eb6f32d1f73d4c12e7795fc29adb9c | Triage

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
11-11-2023 14:17

Sharing

Report Analysis Logs

General

Target

NEAS.adf57eb9e88b3adb311b214dbf23f660.exe
Size

260KB
MD5

adf57eb9e88b3adb311b214dbf23f660
SHA1

bfe22bac9111fbaa447c0b16dc335beed3b0a9d0
SHA256

2c21330f8e22ca111df5236516eced3527eb6f32d1f73d4c12e7795fc29adb9c
SHA512

073ca0faf4bb0f5af2462161a776f2f624711e622b719b0f4bc9d87f221b62c07e8cc3ad054226ddf9862713eb59d9f04cd2047742b00b3bbae1b93f340ca2c5
SSDEEP

3072:uejo1fhNWUqsKUj2538BQ3incDrLXfzoeV:ZUq3b5MBQ3iWXfxV

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1988	1764	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 1988	1764	NEAS.adf57eb9e88b3adb311b214dbf23f660.exe	28
PID 1764 wrote to memory of 1988	1764	NEAS.adf57eb9e88b3adb311b214dbf23f660.exe	28
PID 1764 wrote to memory of 1988	1764	NEAS.adf57eb9e88b3adb311b214dbf23f660.exe	28
PID 1764 wrote to memory of 1988	1764	NEAS.adf57eb9e88b3adb311b214dbf23f660.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.adf57eb9e88b3adb311b214dbf23f660.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.adf57eb9e88b3adb311b214dbf23f660.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 36
  2⤵
  - Program crash
  PID:1988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1764-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download