178de85d09d3a55e8da9908f34504a00af8044f27f88c688a96e8cdd314cd7e4

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
11/11/2023, 15:47

Target

NEAS.36967cc4c689052d5d7f948317d06ee0.exe
Size

268KB
MD5

36967cc4c689052d5d7f948317d06ee0
SHA1

ece2ce90f8353888f1ecd3c02ff7de0e00945b40
SHA256

178de85d09d3a55e8da9908f34504a00af8044f27f88c688a96e8cdd314cd7e4
SHA512

8f485d306908cdbfe1587cd9102d748e0a2dcc566a4acaf84fd5cf648039ec8b63030bc2e82965e25bced6dc158b046e5a2ab31c279a07d7a7c3d0227d55321a
SSDEEP

3072:qObVVBTEqvjiEbG7mCgwLLjF8BIb0Lg3LX36nSylqdePw0v0wnJcefSXQHPTTAkd:qOW0VW6ntrxtnJfKXqPTX7D

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1740	2104	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 1740	2104	NEAS.36967cc4c689052d5d7f948317d06ee0.exe	28
PID 2104 wrote to memory of 1740	2104	NEAS.36967cc4c689052d5d7f948317d06ee0.exe	28
PID 2104 wrote to memory of 1740	2104	NEAS.36967cc4c689052d5d7f948317d06ee0.exe	28
PID 2104 wrote to memory of 1740	2104	NEAS.36967cc4c689052d5d7f948317d06ee0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.36967cc4c689052d5d7f948317d06ee0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.36967cc4c689052d5d7f948317d06ee0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 36
  2⤵
  - Program crash
  PID:1740

memory/2104-0-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download